agent-rs
agent-rs copied to clipboard
Ed25519 pkcs8/pem has a wrong format
Just want to make a note that using ring::signature::Ed25519KeyPair::generate_pkcs8() has a bug that creates wrongly formatted pkcs8 strings or PEMs. See this thread for more details https://github.com/briansmith/ring/issues/1464.
What it means for us:
- Ed25519 PEMs created from dfx cannot be parsed by other standard tools or libraries (e.g. Rust library pkcs8). This likely only affects pems generated from old dfx versions because we have switched to using Secp256k1 as the default.
- It seems that dfx or ic-agent cannot parse properly formatted ed25519 pkcs8 v2 strings or PEM files. This may require a fix depending on how urgent we think it is. PKCS8 v2 / PEM format for ed25519 is in a sorry state, because standard tools like openssl has yet to support it https://github.com/openssl/openssl/issues/10468.
Maybe other people have better suggestions?