Open mitar opened 8 years ago
cc @wh0
The pkcs8 format is not 1:1 compatible with OpenSSL DER format, AFAIK. There's some extra padding involved with pkcs8 specifically. You might be able to use Forge, which is used internally in subtle, to get things into the format you're looking for. A good starting point would be src/node/algorithms/shared/RSA.js in this repo, where you can see some of the forge usage for importing/exporting keys.
Sorry I can't be of more help. I built this repo as a very thin API wrapper over other libraries simply to shoehorn the same crypto API in node/browser, so if you're looking for more thorough implementations you may be better served by forge or pkijs.org.
You can convert the key to a PKCS8 with a command similar to this:
openssl pkcs8 -topk8 -v2 aes-256-cbc -out key.pem -in inkey.pem
+1 Thanks @rmhrisk
Tangentially related, you may find this post interesting: https://unmitigatedrisk.com/?p=543
This does not work? So for the above script, if I run:
openssl pkcs8 -topk8 -v2 aes-256-cbc -out key.pem -in private.der
I get:
unable to load key
39597:error:0906D06C:PEM routines:PEM_read_bio:no start line:/SourceCache/OpenSSL098/OpenSSL098-52.40.1/src/crypto/pem/pem_lib.c:648:Expecting: ANY PRIVATE KEY
It seems the issue is that for Webcrypto a header is being added to the file. If I remove that PKCS header from the file (first 26 bytes) then I can open it nicely. This is also what importing the file in this library does: it removes the header and then reads it with the forge library.
I am using the following code to generate a key pair:
But I am unable to open them and display them with OpenSSL:
Am I doing something wrong or does Subtle crypto not use standard formats?
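The 26-byte header mentioned in the thread is the PKCS#8 PrivateKeyInfo wrapper (RFC 5208) around the inner PKCS#1 key. The following is an added example, not code from this repository or from any commenter: a small Node.js DER reader that locates the inner key by parsing instead of assuming a fixed offset. The function names and the dummy inner blobs are constructed for illustration; no real key is used.

```javascript
// Added example: unwrap PKCS#8 PrivateKeyInfo by parsing DER, not by slicing 26 bytes.
const RSA_OID = Buffer.from('2a864886f70d010101', 'hex'); // 1.2.840.113549.1.1.1 rsaEncryption

// Read one DER TLV at `off`; returns the tag and the content's start/end offsets.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error('truncated DER');
  const tag = buf[off];
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) {                    // long form: low 7 bits give the count of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error('bad DER length');
    len = buf.readUIntBE(start, n);
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated DER');
  return { tag, start, end: start + len };
}

// Returns { offset, key }: where the inner key begins, and the inner PKCS#1 bytes.
function unwrapPkcs8(der) {
  const outer = readTlv(der, 0);
  if (outer.tag !== 0x30) throw new Error('not a SEQUENCE');
  const version = readTlv(der, outer.start);
  if (version.tag !== 0x02) throw new Error('missing version INTEGER');
  const algId = readTlv(der, version.end);
  if (algId.tag !== 0x30) throw new Error('missing AlgorithmIdentifier');
  const oid = readTlv(der, algId.start);
  if (oid.tag !== 0x06 || !der.subarray(oid.start, oid.end).equals(RSA_OID))
    throw new Error('not an rsaEncryption key');
  const key = readTlv(der, algId.end);
  if (key.tag !== 0x04) throw new Error('missing privateKey OCTET STRING');
  return { offset: key.start, key: der.subarray(key.start, key.end) };
}

// Constructed test input: wrap a dummy blob (not a real key) the way PKCS#8 does.
function tlv(tag, body) {
  const n = body.length;
  const len = n < 0x80 ? [n] : n < 0x100 ? [0x81, n] : [0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}
function wrapPkcs8(inner) {
  const alg = tlv(0x30, Buffer.concat([tlv(0x06, RSA_OID), Buffer.from([0x05, 0x00])]));
  return tlv(0x30, Buffer.concat([Buffer.from([0x02, 0x01, 0x00]), alg, tlv(0x04, inner)]));
}
function headerSizeFor(innerLength) {
  const inner = Buffer.alloc(innerLength, 0xab);
  const r = unwrapPkcs8(wrapPkcs8(inner));
  if (!r.key.equals(inner)) throw new Error('round trip failed');
  return r.offset;
}
console.log(headerSizeFor(1190), headerSizeFor(200), headerSizeFor(100));
```

The wrapper is 26 bytes only when both the outer SEQUENCE and the OCTET STRING use two-byte DER lengths, as they do for inner bodies of 256 bytes or more; the shorter constructed bodies show the offset shifting. The `no start line` error quoted above comes from OpenSSL's PEM reader; `openssl pkcs8` reads DER input only when given `-inform DER`.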