<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:34:03 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[GODRIVER-364] Support PKCS8 encrypted client private keys</title>
                <link>https://jira.mongodb.org/browse/GODRIVER-364</link>
                <project id="14289" key="GODRIVER">Go Driver</project>
                    <description>&lt;p&gt;Go&apos;s support for encrypted private keys only handles decryption of the outer PEM layer, it does not support decryption of the PEM-decoded PKCS8 data. See &lt;a href=&quot;https://github.com/golang/go/issues/8860&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;Go issue#8860&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;That ticket references a 3rd party library, &lt;a href=&quot;https://github.com/youmark/pkcs8&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/youmark/pkcs8&lt;/a&gt; , which does PKCS8 decryption &amp;#8211; but only for a single encryption algorithm, which might be a useful starting point for full support.&lt;/p&gt;</description>
                <environment></environment>
        <key id="526349">GODRIVER-364</key>
            <summary>Support PKCS8 encrypted client private keys</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="benji.rewis@mongodb.com">Benji Rewis</assignee>
                                    <reporter username="david.golden@mongodb.com">David Golden</reporter>
                        <labels>
                            <label>FY21Q4</label>
                            <label>neweng</label>
                    </labels>
                <created>Fri, 13 Apr 2018 02:26:46 +0000</created>
                <updated>Tue, 26 Oct 2021 10:09:34 +0000</updated>
                            <resolved>Mon, 1 Feb 2021 18:51:02 +0000</resolved>
                                                    <fixVersion>1.5.0</fixVersion>
                                    <component>Options &amp;amp; Configuration</component>
                                        <votes>4</votes>
                                    <watches>10</watches>
                                                                                                                <comments>
                            <comment id="3610930" author="kevin.albertson" created="Thu, 11 Feb 2021 04:15:56 +0000"  >&lt;p&gt;Cherry-picked onto release/1.5 with &lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/74b156e6d52ba5975d61c1b24584428ffd8adb48&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/74b156e6d52ba5975d61c1b24584428ffd8adb48&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3593138" author="xgen-internal-githook" created="Mon, 1 Feb 2021 18:50:06 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;Benjamin Rewis&apos;, &apos;email&apos;: &apos;32186188+benjirewis@users.noreply.github.com&apos;, &apos;username&apos;: &apos;benjirewis&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/GODRIVER-364&quot; title=&quot;Support PKCS8 encrypted client private keys&quot; class=&quot;issue-link&quot; data-issue-key=&quot;GODRIVER-364&quot;&gt;&lt;del&gt;GODRIVER-364&lt;/del&gt;&lt;/a&gt; Support PKCS8 encrypted client private keys (#565)&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/commit/15a10511b52f5f50147d572d66c3eec3adfe1ade&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/commit/15a10511b52f5f50147d572d66c3eec3adfe1ade&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="3592788" author="benji.rewis" created="Mon, 1 Feb 2021 17:07:58 +0000"  >&lt;p&gt;Generating PKCS8 encrypted client private keys with PKCS 5 v2.0 (the schema the Go driver will now support) is rather specific. For future reference:&lt;/p&gt;

&lt;p&gt;If using openssl to create &quot;client-pkcs8-encrypted.pem&quot; from &quot;client.pem&quot;:&lt;/p&gt;

&lt;p&gt;&lt;tt&gt;openssl pkcs8 -v2 des3 -topk8 -inform PEM -outform PEM -in client.pem -out client-pkcs8-encrypted.pem&lt;/tt&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="3576922" author="benji.rewis" created="Thu, 21 Jan 2021 23:11:35 +0000"  >&lt;p&gt;&lt;a href=&quot;https://github.com/mongodb/mongo-go-driver/pull/565&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-go-driver/pull/565&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2748647" author="jay.pearson" created="Tue, 21 Jan 2020 22:45:07 +0000"  >&lt;p&gt;The generally accepted work around to change the PEM file to RSA format does not work in a FIPS environment. This resulted in a customer I was working with using unencrypted PEM key files in their FIPS environment.&#160; Red Hat is developing their own library to address the issue:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;https://developers.redhat.com/blog/2019/06/24/go-and-fips-140-2-on-red-hat-enterprise-linux/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://developers.redhat.com/blog/2019/06/24/go-and-fips-140-2-on-red-hat-enterprise-linux/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;See&#160;HELP-2044 and HELP-13060&lt;/p&gt;</comment>
                            <comment id="2120556" author="craiggwilson" created="Fri, 18 Jan 2019 17:09:56 +0000"  >&lt;p&gt;Also see here for examples using that library: &lt;a href=&quot;https://github.com/10gen/mongohouse/tree/master/internal/util/tlsutil&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongohouse/tree/master/internal/util/tlsutil&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="2120347" author="david.golden" created="Fri, 18 Jan 2019 15:23:47 +0000"  >&lt;p&gt;Some interim improvements might include:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;Looking for the &quot;BEGIN ENCRYPTED PRIVATE KEY&quot; header and issue a specific &quot;Encrypted PKCS8 format not supported&quot; error instead of a generic &quot;failed to parse private key&quot;&lt;/li&gt;
	&lt;li&gt;Documenting the limitation in &lt;tt&gt;SSLOpt&lt;/tt&gt; with any recommended workarounds (such as converting encrypted PKCS8 format to encrypted PKCS1 format)&lt;/li&gt;
&lt;/ul&gt;
</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                                                <inwardlinks description="is duplicated by">
                                        <issuelink>
            <issuekey id="1585957">GODRIVER-1830</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                        <issuelink>
            <issuekey id="513555">GODRIVER-287</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="526377">TOOLS-2013</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                    <customfield id="customfield_13552" key="com.go2group.jira.plugin.crm:crm_generic_field">
                        <customfieldname>Case</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[[500A000000ZsaYXIAZ, 5002K00000nnqbTQAQ, 5002K00000xEM58QAG]]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hr76xr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>