Open maraino opened 3 years ago
--key-format
Consider to use PKCS#8 by default, DecryptPEMBlock and EncryptPEMBlock have been deprecated, see https://golang.org/pkg/crypto/x509/#DecryptPEMBlock
Any updates on this one? We're using Azure which requires pkcs8 to import to key vault, so this would be nice.
@peteroneilljr not done yet, but you can convert to pkcs#8 using:
step crypto key format --pem --pkcs8 my.key > my.p8
If you don't want a password protected key, you must use --no-password --insecure
Add option to save a private key using PKCS #8Description
Some frameworks do not support
PKCS #1
ORSEC1 EC
formats for the private key and require the use ofPKCS #8
. See https://github.com/smallstep/autocert/issues/17#issuecomment-725966689We should add the flag--pkcs8
or--format pkcs8
to at least the following commands:step ca certificate
step ca sign
step ca renew
Autocert should also support this option.
Currently we can transform a PKCS #1 or SEC1 EC key to PKCS #8 using:
Update
We should default to store private keys, specially the encrypted ones using PKCS#8 and perhaps add a way to use
PKCS #1
/SEC1 EC
onstep ca
commands.