From d776122ea44138b8dc84715e7f32176cc88bd081 Mon Sep 17 00:00:00 2001
From: Navaneeth Rameshan
Date: Wed, 24 Nov 2021 20:24:06 +0100
Subject: [PATCH] recognize ed25519 key type and return PKCS8 format (#13257)
* return pkcs8 format for ed25519 curve convertRespToPKCS8 does not recognize the ed25519 key. Changes to recognize ed25519 key and return its PKCS8 format
---
 builtin/logical/pki/cert_util.go | 6 ++++++
 changelog/13257.txt | 3 +++
 2 files changed, 9 insertions(+)
 create mode 100644 changelog/13257.txt
diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go
index 69fbb07d963a..10a659426533 100644
--- a/builtin/logical/pki/cert_util.go
+++ b/builtin/logical/pki/cert_util.go
@@ -1162,6 +1162,12 @@ func convertRespToPKCS8(resp *logical.Response) error {
 signer, err = x509.ParsePKCS1PrivateKey(keyData)
 case certutil.ECPrivateKey:
 signer, err = x509.ParseECPrivateKey(keyData)
+ case certutil.Ed25519PrivateKey:
+ k, err := x509.ParsePKCS8PrivateKey(keyData)
+ if err != nil {
+ return fmt.Errorf("error converting response to pkcs8: error parsing previous key: %w", err)
+ }
+ signer = k.(crypto.Signer)
 default:
 return fmt.Errorf("unknown private key type %q", privKeyType)
 }
diff --git a/changelog/13257.txt b/changelog/13257.txt
new file mode 100644
index 000000000000..10a4902f2e5f
--- /dev/null
+++ b/changelog/13257.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+secrets/pki: Recognize ed25519 when requesting a response in PKCS8 format
+```
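Review bot: The bare type assertion `signer = k.(crypto.Signer)` in the new `certutil.Ed25519PrivateKey` case panics instead of returning an error if `x509.ParsePKCS8PrivateKey` yields a key that does not implement `crypto.Signer`. It also never confirms that the parsed key is actually Ed25519, even though the branch is chosen from the response's declared key type. Prefer the comma-ok form, `s, ok := k.(crypto.Signer)` followed by `if !ok { return fmt.Errorf("error converting response to pkcs8: parsed key of type %T is not a signer", k) }`, so a mismatched key fails the request cleanly rather than crashing the handler. The `k, err :=` declaration also shadows the `err` that the sibling cases assign; that looks harmless because the error is returned inside the case, but the rest of `convertRespToPKCS8` lies outside this hunk, so confirm nothing after the switch relies on the outer `err` for this path.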