-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for encrypted PKCS8 or PKCS12 private keys #2834
Comments
Please explain your use case in detail. What exactly do you mean by "Support for encrypted PKCS8 or PKCS12 private keys"? Support where? What do you want to do with these keys? If it's about making requests with such client keys, I think the Or do you want to encrypt/decrypt arbitrary data with such keys during the k6 script execution? If so, we are already working on implementing the WebCrypto APIs in k6 in https://github.com/grafana/xk6-webcrypto. That extension will likely be merged as a built-in Or do you want to do something else with such keys? 😅 Please elaborate with your specific use case and needs. |
Hi, I want to be able to do api calls with the certs provided by my company that only provide these formats. There's not a lot of documentation on what type of certification is permitted with |
Ah, I see, this is the relevant part of the k6 code: Lines 166 to 169 in d81bb41
It was added in #2488 and the limitation seems quite intentional. I think it is because the Go standard library doesn't have support for it, and probably doesn't plan to add support for it any time soon, see golang/go#8860 🤔 Not sure we'd want to import some custom library just to deal with this corner case... Maybe it will be better to solve #2186 and rely on WebCrypto's ability to decode PKCS8 keys 🤔 In any case, until this issue is solved in either way, it seems like k6 only supports private keys that are encrypted like this, though I am unsure how you can convert your keys to that format, sorry: Lines 336 to 345 in d81bb41
|
This will be solved by the WebCrypto extension, and won't be implemented in core k6. Recently decryption was added for AES keys, and support for PKCS formats is on the roadmap. Since I'll close this issue, so please follow the development of the WebCrypto extension, and suggest any features in its repo, as well as the new HTTP API developments. |
Feature Description
Hello, encrypted pkcs8 and pkcs12 keys are the only format available in my company. When do you think this will become available with k6? Or do you have any other way / library / extension to make it work with k6 already?
Thanks,
Lucas
Suggested Solution (optional)
No response
Already existing or connected issues / PRs (optional)
No response
The text was updated successfully, but these errors were encountered: