[Botan-devel] Getting the binary form of the key

Jack Lloyd lloyd at randombit.net
Fri Oct 9 23:56:03 EDT 2009


On Fri, Oct 09, 2009 at 11:31:00PM -0400, Jack Lloyd wrote:
> On Fri, Oct 09, 2009 at 10:08:15PM -0400, Z. S. O. wrote:
> > By the way, I'm guessing that the load_key function is still unable to
> > decode a RAW_BER encoded key, correct?
> 
> It should be able to do so, but something has clearly become broken at
> some point because it's not working for me either. I'm poking at it
> now. Thanks for the report.

Ahhh.

OK, not exactly a bug, precisely, just something that is unfortunate
and not really well specified at all. (I mean, contemplate that I
thought this was a bug for at least 10 minutes, and I wrote the code).

PKCS #8 has two forms - unencrypted and encrypted. To tell the
difference, if the input is PEM the code looks at if the PEM
description is "ENCRYPTED PRIVATE KEY" or "PRIVATE KEY". However if it
is not PEM then there is no (easy) way to distinguish, and the code
assumes encrypted, throwing a decoding failure if it is not because
the format of course is wrong in that case. When you PEM encode, you
are giving the needed hint on the decoding side.

This is certainly on the wow-thats-ugly-this-should-be-fixed list,
along with a general redo of the PKCS #8 code (which dates back many
years and is somewhat funky, I think it could be done in a much better
way), but, as always, limits on time/money/energy constrain.

-Jack
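
Added example (not part of the original message and not Botan's code): one way a decoder could tell the two DER forms apart without the PEM label, using the PKCS #8 ASN.1 definitions, where PrivateKeyInfo opens with an INTEGER version and EncryptedPrivateKeyInfo opens with an AlgorithmIdentifier SEQUENCE. The names classify_pkcs8_der, read_der_length and the sample_* inputs are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class Pkcs8Form { Unencrypted, Encrypted, Unknown };
using Bytes = std::vector<uint8_t>;

// Read a DER definite length at buf[pos], advancing pos past it.
// Returns false on truncated input or the indefinite form (invalid in DER).
static bool read_der_length(const Bytes& buf, size_t& pos, size_t& len) {
    if (pos >= buf.size()) return false;
    const uint8_t first = buf[pos++];
    if (first < 0x80) { len = first; return true; }   // short form
    const size_t n = first & 0x7F;                     // long form: n length octets
    if (n == 0 || n > sizeof(size_t) || n > buf.size() - pos) return false;
    len = 0;
    for (size_t i = 0; i < n; ++i) len = (len << 8) | buf[pos++];
    return true;
}

// Hypothetical helper: peek at the first element inside the outer SEQUENCE.
//   PrivateKeyInfo          ::= SEQUENCE { version INTEGER, ... }              -> tag 0x02
//   EncryptedPrivateKeyInfo ::= SEQUENCE { AlgorithmIdentifier SEQUENCE, ... } -> tag 0x30
Pkcs8Form classify_pkcs8_der(const Bytes& der) {
    size_t pos = 0, len = 0;
    if (der.empty() || der[pos++] != 0x30) return Pkcs8Form::Unknown;
    if (!read_der_length(der, pos, len)) return Pkcs8Form::Unknown;
    if (len == 0 || len > der.size() - pos) return Pkcs8Form::Unknown;
    switch (der[pos]) {
        case 0x02: return Pkcs8Form::Unencrypted;
        case 0x30: return Pkcs8Form::Encrypted;
        default:   return Pkcs8Form::Unknown;
    }
}

// Constructed sample inputs: minimal DER prefixes, not real keys.
Bytes sample_plain()     { return {0x30, 0x03, 0x02, 0x01, 0x00}; } // SEQ { INTEGER 0 }
Bytes sample_encrypted() { return {0x30, 0x02, 0x30, 0x00}; }       // SEQ { SEQ {} }
Bytes sample_truncated() { return {0x30, 0x82, 0x01}; }             // length cut short

int main() {
    std::printf("%d %d %d\n", static_cast<int>(classify_pkcs8_der(sample_plain())),
                static_cast<int>(classify_pkcs8_der(sample_encrypted())),
                static_cast<int>(classify_pkcs8_der(sample_truncated())));
    return 0;
}
```

The peek is only a dispatch hint; the full decoder still has to validate whichever structure it selects.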


