python-jose
to_pem compatibility issues
With the new backends now in place, and while trying to get a pure Python RSA backend implemented, I found out that the RSA backends currently have unified a funny "standard" in that they're outputting PKCS#1 formatted PEM for private keys and PKCS#8 formatted PEM for public keys.
PKCS#1 and PKCS#8 are two standards of serializing keys. PKCS#1 is RSA only and can be identified by `-----BEGIN RSA PRIVATE KEY-----` or `-----BEGIN RSA PUBLIC KEY-----`, followed by the key data.
PKCS#8 is generalized. Usually identified by `-----BEGIN PRIVATE KEY-----` or `-----BEGIN PUBLIC KEY-----`, it also has a header, which specifies the key type, e.g. RSA, which is then followed by the same key data as PKCS#1.
The problem is that if this gets released, it's going to be cumbersome to maintain. The keys previously didn't have a `to_pem` method, so this isn't related to previous releases.
The library should probably:
- [ ] test both PKCS#1 and PKCS#8 formatted keys as input
- [ ] standardize on output
- [ ] support choosing desired output format
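The relationship between the two private-key formats described above, as an added example that is not part of the original issue and is not python-jose code: a standard-library-only converter showing that an unencrypted PKCS#8 RSA key is a version field plus an algorithm header wrapped around the unchanged PKCS#1 bytes. All function names and the toy key are constructed for illustration.

```python
import base64
import textwrap

# rsaEncryption AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1, NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag, value):  # encode one DER tag-length-value
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + value

def read_tlv(data, pos=0):
    """Return (value, next_pos) for the DER TLV starting at pos."""
    length, pos = data[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the size of the length field
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return data[pos:pos + length], pos + length

def pem_decode(pem, label):
    lines = pem.strip().splitlines()
    if lines[0] != f"-----BEGIN {label}-----":
        raise ValueError(f"expected a {label} PEM block")
    return base64.b64decode("".join(lines[1:-1]))

def pem_encode(label, der):
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

def pkcs1_to_pkcs8(pem):
    der = pem_decode(pem, "RSA PRIVATE KEY")
    # PKCS#8 = version 0 + algorithm header + the PKCS#1 bytes in an OCTET STRING
    body = b"\x02\x01\x00" + RSA_ALG_ID + der_tlv(0x04, der)
    return pem_encode("PRIVATE KEY", der_tlv(0x30, body))

def pkcs8_to_pkcs1(pem):
    body, _ = read_tlv(pem_decode(pem, "PRIVATE KEY"))
    _, pos = read_tlv(body)                # skip the version INTEGER
    alg, pos = read_tlv(body, pos)         # contents of the AlgorithmIdentifier
    if alg != RSA_ALG_ID[2:]:
        raise ValueError("PKCS#8 header does not identify an RSA key")
    return pem_encode("RSA PRIVATE KEY", read_tlv(body, pos)[0])

# Constructed sample: textbook RSA numbers (p=61, q=53), not a usable key.
TOY_FIELDS = (0, 3233, 17, 2753, 61, 53, 53, 49, 38)  # version, n, e, d, p, q, dP, dQ, qInv
TOY_PKCS1 = pem_encode("RSA PRIVATE KEY", der_tlv(0x30, b"".join(
    der_tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in TOY_FIELDS)))
```

A round trip such as `pkcs8_to_pkcs1(pkcs1_to_pkcs8(TOY_PKCS1))` returns the original PEM, which is the kind of check the first two checklist items call for.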