[CDRIVER-4269] Unable to load PKCS#8 private key with SChannel Created: 26/Jan/22 Updated: 10/Feb/23 |
|
| Status: | Backlog |
| Project: | C Driver |
| Component/s: | None |
| Affects Version/s: | 1.20.1 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Unknown |
| Reporter: | Kevin Albertson | Assignee: | Unassigned |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Epic Link: | CDRIVER-4575 | ||||
| Description |
Summary

Private keys can be in PKCS#1 or PKCS#8 format. Secure Channel on Windows is unable to load PKCS#8 encoded private keys.

How to Reproduce

Start a server and require client certificates. Use test .pem files from the https://github.com/mongodb-labs/drivers-evergreen-tools repo:

Use the repro environment here:

Use the run.sh script to test connecting with a PKCS#1 key (succeeds) and a PKCS#8 private key (fails):

Gets the following output on Windows:

Additional Background

See See https://stackoverflow.com/a/48960291/774658 for additional background on PKCS#1 and PKCS#8 format.

Workaround

As a workaround, users can convert PKCS#8 to PKCS#1 for an RSA key:
|
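The two formats named in the description differ in their outer ASN.1 structure, so a client PEM bundle can be checked, and an unencrypted PKCS#8 RSA key unwrapped to PKCS#1, before it is handed to the driver on Windows. This is an added Python example, not the ticket's own command or C driver code; the function names are hypothetical and the sample key is constructed from dummy integers.

```python
import base64
import re
RSA_OID = bytes.fromhex("06092a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
KEY_RE = re.compile(r"-----BEGIN ((?:RSA )?PRIVATE KEY)-----(.+?)-----END \1-----", re.S)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):  # minimal DER encoder, used here only to build the sample
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def classify(der):
    """PKCS#1: SEQUENCE{INTEGER, INTEGER, ...}; PKCS#8: SEQUENCE{INTEGER, SEQUENCE, OCTET STRING}."""
    _, body, _ = read_tlv(der, 0)
    _, _, pos = read_tlv(body, 0)  # skip the version INTEGER
    return {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(read_tlv(body, pos)[0], "other")

def pkcs8_rsa_to_pkcs1(der):
    """Unwrap the RSAPrivateKey carried in the PrivateKeyInfo OCTET STRING."""
    _, body, _ = read_tlv(der, 0)
    _, _, pos = read_tlv(body, 0)      # version
    _, alg, pos = read_tlv(body, pos)  # AlgorithmIdentifier
    if not alg.startswith(RSA_OID):
        raise ValueError("not an RSA key; PKCS#1 only describes RSA")
    return read_tlv(body, pos)[1]

def convert_pem(text):
    """Rewrite PKCS#8 RSA key blocks in a PEM bundle as PKCS#1; leave other blocks untouched."""
    def fix(m):
        der = base64.b64decode(m.group(2))
        if classify(der) != "PKCS#8":
            return m.group(0)
        b64 = base64.b64encode(pkcs8_rsa_to_pkcs1(der)).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *lines, "-----END RSA PRIVATE KEY-----"])
    return KEY_RE.sub(fix, text)

# Constructed sample: structurally valid RSAPrivateKey with dummy integers, not a usable key.
SAMPLE_PKCS1 = tlv(0x30, tlv(0x02, b"\x00") + b"".join(tlv(0x02, b"\x01" * n) for n in (129, 3, 128, 64, 64, 64, 64, 64)))
SAMPLE_PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x30, RSA_OID + b"\x05\x00") + tlv(0x04, SAMPLE_PKCS1))
```

Blocks labelled `ENCRYPTED PRIVATE KEY` are not matched and pass through unchanged; certificates in the same bundle are left as they are.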