Re: [RFC PATCH 8/8] KEYS: Implement PKCS#8 RSA Private Key parser [ver 3]

From: David Woodhouse
Date: Wed May 11 2016 - 15:11:13 EST


On Wed, 2016-05-11 at 15:22 +0100, David Howells wrote:
> Implement PKCS#8 RSA Private Key format [RFC 5208] parser for the
> asymmetric key type. For the moment, this will only support unencrypted
> DER blobs. PEM and decryption can be added later.

I would recommend *not* adding PEM and decryption support. That can
live in userspace. You don't want to end up with the whole set of
handlers for all the weird formats, from PKCS#12 to OpenSSL's non-
standard encrypted PEM files.

Trust me, I implemented a whole bunch of that for OpenConnect. You
don't want it. Just mandate unencrypted binary PKCS#8 (or PKCS#1).

--
David Woodhouse Open Source Technology Centre
David.Woodhouse@xxxxxxxxx Intel Corporation
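
As an added illustration (not code from the patch, the kernel or either author), a minimal C structural check for the policy recommended in the message above: accept only an unencrypted binary PKCS#8 PrivateKeyInfo, and reject PEM text and EncryptedPrivateKeyInfo so that userspace converts them first. The names `classify_key_blob` and `der_hdr` and the sample blobs are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

enum blob_kind { BLOB_PKCS8_PLAIN, BLOB_PKCS8_ENCRYPTED, BLOB_PEM, BLOB_INVALID };

/* Parse one DER tag+length header (short form or 1..4 length bytes; minimal-length
 * encoding is not enforced). Returns the header size, or 0 if malformed or if the
 * value would overrun the buffer. */
static size_t der_hdr(const unsigned char *p, size_t n, unsigned char *tag, size_t *len)
{
    size_t i, nb = 0;
    if (n < 2) return 0;
    *tag = p[0];
    *len = p[1];
    if (p[1] & 0x80) {
        nb = p[1] & 0x7f;
        if (nb == 0 || nb > 4 || n < 2 + nb) return 0;  /* indefinite form is not DER */
        for (*len = 0, i = 0; i < nb; i++) *len = (*len << 8) | p[2 + i];
    }
    return *len > n - 2 - nb ? 0 : 2 + nb;
}

/* Accept only an unencrypted RFC 5208 PrivateKeyInfo; say what else was seen. */
enum blob_kind classify_key_blob(const unsigned char *p, size_t n)
{
    static const unsigned char want[3] = { 0x02, 0x30, 0x04 }; /* version, algorithm, key */
    unsigned char tag;
    size_t len, h, i;
    if (n >= 10 && memcmp(p, "-----BEGIN", 10) == 0) return BLOB_PEM;
    h = der_hdr(p, n, &tag, &len);
    if (!h || tag != 0x30 || h + len != n) return BLOB_INVALID; /* one SEQUENCE, no trailing bytes */
    p += h; n = len;
    for (i = 0; i < 3; i++) {
        h = der_hdr(p, n, &tag, &len);
        /* EncryptedPrivateKeyInfo starts with an AlgorithmIdentifier SEQUENCE, not a version */
        if (h && i == 0 && tag == 0x30) return BLOB_PKCS8_ENCRYPTED;
        if (!h || tag != want[i] || (i == 0 && (len != 1 || p[h] != 0))) return BLOB_INVALID;
        p += h + len; n -= h + len;
    }
    return BLOB_PKCS8_PLAIN; /* optional [0] attributes after the key are not inspected */
}

/* Constructed sample blobs; the key bytes are placeholders, not real key material. */
static const unsigned char sample_plain[] = { 0x30,0x15, 0x02,0x01,0x00,
    0x30,0x0d,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01,0x01,0x05,0x00, 0x04,0x01,0x00 };
static const unsigned char sample_encrypted[] = { 0x30,0x0a, 0x30,0x03,0x06,0x01,0x2a, 0x04,0x03,0x01,0x02,0x03 };
static const unsigned char sample_pem[] = "-----BEGIN PRIVATE KEY-----\n";

int main(void) { return classify_key_blob(sample_plain, sizeof(sample_plain)) == BLOB_PKCS8_PLAIN ? 0 : 1; }
```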
