encrypted PKCS#8 API private keys are not supported

[obno]

Private keys created from either openssl genrsa or oci setup config are in encrypted PKCS#8 format by default. However x509.ParsePKCS8PrivateKey only supports unecrypted private keys.

This is a bit of a let down for golang based CLIs where users typically expect to use keys generated from oci setup config.

You could use github.com/youmark/pkcs8 for parsing keys, which supports encrypted keys, instead of the golang std library.

[JoshuaWR]

Hi @obno, not sure if this is your exact use case, but could you use helpers.PrivateKeyFromBytesWithPassword ? It should take the key, decrypt it, and then parse with x509.ParsePKCS8PrivateKey.