pem icon indicating copy to clipboard operation
pem copied to clipboard

Published 20 hours ago verified publisher icon hynek

Add support for PEM headers or explanatory text.

Open adiroiban opened this issue 4 years ago • 4 comments

Maybe this should be split into 2 tickets... one for RFC 7468 explanatory text and another one for internal comments/headers.

Feel free to close this ticket if is not relevant. I just wanted to highlight this issue.

The use case is that some people might want to tag a certain key (public or private...or certificate). For example to signal if a key is for testing or for production and to not accidentally copy/use a testing file in production.

As a start, I think that this data can be exported as explanatory_raw and just have the raw text without trying to parse it in list of key-value

In https://tools.ietf.org/html/rfc7468 the headers/comments are described as being stored outside of the armor markers

Subject: CN=Atlantis
Issuer: CN=Atlantis
Validity: from 7/9/2012 3:10:38 AM UTC to 7/9/2013 3:10:37 AM UTC
-----BEGIN CERTIFICATE-----
MIIBmTCCAUegAwIBAgIBKjAJBgUrDgMCHQUAMBMxETAPBgNVBAMTCEF0bGFudGlz
MB4XDTEyMDcwOTAzMTAzOFoXDTEzMDcwOTAzMTAzN1owEzERMA8GA1UEAxMIQXRs
YW50aXMwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAu+BXo+miabDIHHx+yquqzqNh
Ryn/XtkJIIHVcYtHvIX+S1x5ErgMoHehycpoxbErZmVR4GCq1S2diNmRFZCRtQID
AQABo4GJMIGGMAwGA1UdEwEB/wQCMAAwIAYDVR0EAQH/BBYwFDAOMAwGCisGAQQB
gjcCARUDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDAzA1BgNVHQEE
LjAsgBA0jOnSSuIHYmnVryHAdywMoRUwEzERMA8GA1UEAxMIQXRsYW50aXOCASow
CQYFKw4DAh0FAANBAKi6HRBaNEL5R0n56nvfclQNaXiDT174uf+lojzA4lhVInc0
ILwpnZ1izL4MlI9eCSHhVQBHEp2uQdXJB+d5Byg=
-----END CERTIFICATE-----

Some SSH or PGP formats include support for headers... which are free text values found before the payload but inside the armor and which usually are not signed or protected or encrypted.

They are more like a kind of comment or meta-data

---- BEGIN SSH2 PUBLIC KEY ----

Comment: "rsa-key-20160402"
AAAAB3NzaC1yc2EAAAABJQAAAgEAiL0jjDdFqK/kYThqKt7THrjABTPWvXmB3URI
MORE_DATA_HERE

or PGP

   -----BEGIN PGP MESSAGE-----
   Version: OpenPrivacy 0.99

   yDgBO22WxBHv7O8X7O/jygAEzol56iUKiXmV+XmpCtmpqQUKiQrFqclFqUDBovzS
   vBSFjNSiVHsuAA==
   =njUN
   -----END PGP MESSAGE-----

adiroiban avatar Apr 09 '20 16:04 adiroiban

Would a dict be enough or are the fields properly standardized for certain types?

hynek avatar Apr 10 '20 09:04 hynek

At this point I am trying to gather the documentation/specification for this feature.

First we need to add basic payload parsing for each RFC... and then we can look at the headers.

Based on the RFCs that I found, I think a dict is enough.

I think that this needs to be implemented in more parts based on each RFC:

  1. the outside explanatory text for https://tools.ietf.org/html/rfc7468
  2. PEM inside headers https://tools.ietf.org/html/rfc1421
  3. The inside headers from OpenPGP standard https://tools.ietf.org/html/rfc4880#section-6.2
  4. SSH Public key https://tools.ietf.org/html/rfc4716

adiroiban avatar Apr 10 '20 11:04 adiroiban

Would a dict be enough or are the fields properly standardized for certain types?

I think that a dict should be enough... and the dict can have different semantic based on the PEM object type.

adiroiban avatar Jan 20 '21 23:01 adiroiban

I've added the support for headers in #75.

hynek avatar Jun 20 '23 14:06 hynek