add method to import PEM formatted PKCS8 keys #64
Conversation
| let mut len = 0; | ||
| let res = wincrypt::CryptStringToBinaryA(pem.as_ptr() as ntdef::LPCSTR, | ||
| pem.len() as winapi::DWORD, | ||
| wincrypt::CRYPT_STRING_BASE64_ANY, |
There was a problem hiding this comment.
Should be CRYPT_STRING_BASE64HEADER, I think (same below)
There was a problem hiding this comment.
I do not think so, parsing should work for PEM files with & without header.
|
I think windows only checks if the header begins with a "BEGIN". |
|
Sounds good to me, what do you think of renaming |
|
What happens if you try to pass in a PKCS1 key? |
Goirad
force-pushed
the
import_pkcs8_pem
branch
from
c19dc11
to
5c4cd75
Compare
|
Turns out it rejects PKCS1 keys. I've added a test to that effect. Also it seems tests are failing for unrelated reasons. |
I think |
|
Is there anything else that you want me to change for this PR? |
|
@Goirad It's fine from my side, maybe @sfackler wants some changes before this fits into how you intend to use it in native-tls - atleast that's what I gathered. |
|
@steffengy Can we get a release? |
|
@Goirad Sure, done. |
I have added a method to import PEM formatted keys. Ideally, the other method would be changed to
import_pkcs8_der, but that would require a major version bump.Also of note, windows does not validate the PEM headers, and only checks that the header matches the footer. It is unclear to me whether this crate is the place to add that logic, or whether it would be sufficient to add rudimentary checks on the input string in the
import_pkcs8_pemmethod.Another alternative would be add something like a
parse_pkcs8_pemmethod and leave it to the user of this library to call that first before then callingimport_pkcs8on the result. I would be happy to use that approach instead and include the header checking there if that is a preferred structure.