Skip to content

Use PKCS #8 by default for private keys #387

New issue
New issue
Open
Open
Use PKCS #8 by default for private keys#387
Labels
enhancementneeds triageWaiting for discussion / prioritization by team
Milestone
v0.28.8
@maraino

Description

@maraino
maraino
opened on Nov 12, 2020

Add option to save a private key using PKCS #8

Description

Some frameworks do not support PKCS #1 OR SEC1 EC formats for the private key and require the use of PKCS #8.
See smallstep/autocert#17 (comment)

We should add the flag --pkcs8 or --format pkcs8 to at least the following commands:

  • step ca certificate
  • step ca sign
  • step ca renew

Autocert should also support this option.

Currently we can transform a PKCS #1 or SEC1 EC key to PKCS #8 using:

step crypto key format --pkcs8 --pem --no-password --insecure --out site.pkcs8.pem site.pem

Update

We should default to store private keys, specially the encrypted ones using PKCS#8 and perhaps add a way to use PKCS #1 / SEC1 EC on step ca commands.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementneeds triageWaiting for discussion / prioritization by team

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions