-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pair.encodePkcs8() not interoperable #1858
Comments
On the other hand, the I cannot locate the implementation of the function, as this has been imported from WASM, and I cannot review what it actually does. I cannot find a function with that name neither in Substrate or Polkadot repositories. Anybody knows where is |
It is not a Polkadot/Substrate standard. It is purely a Polkadot Js function used to encode the keyring for internal usage and storage. It is always assumed that anything encoded with this will be decoded with the same (reverse) function. As such there is no appetite to change it since -
The Polkadot JS-specific encoding is handled here - https://github.com/polkadot-js/common/tree/master/packages/util-crypto/src/json |
@jacogr Thanks, I can see where the issue may be coming from. It could be that the header used is actually for an RSA key, I will dig deeper.
Well, at least we should add documentation if it turns out that PKCS8 is actually not PKCS8. Also I believe that adding an `encodeStandardPkcs8' would definitely not hurt. Even better and less confusing would be to add encodePEM() as implemented as Standard PKCS8 in PEM format, and ensuring interoperability at least with NodeJS crypto packages and OpenSSL.
We are specifically looking into key interoperability as part of DINFRA project, which is in the Web3 Grants program. We are going to be attempting key interoperability with a number of other opensource projects, so we are happy contribute to this. We are happy to participate in selecting which format/s would be nice to have for best interoperability. |
Polkadot jS api provides a function
encodePkcs8()
to encode an private key of typeed25519
to the PKCS8 standard.We cannot achieve interoperability with other software using the same standard, in particular NodeJS crypto package or OpenSSL.
The data type returned by
encodePkcs8()
should conform with the standard and ideally be easy to use with other software using the same standard.Version: Node 18 / Openssl
Environment: Ubutnu
Language:
We first generate a keypair and then encode it as PKCS8:
NodeJS returns:
We can also export the PKCS #8 for processing with OpenSSL as:
And then try to parse it with OpenSSL by Doing:
Accoring to the RFC5208, which defines PKCS8 the main data structure that holds the key includes information about the
PrivateKeyAlgorithmIdentifier
while the output from the OpenSSL command seems to identify the key asRSAPrivateKey
which makes me believe that there is something fundamentally wrong.The text was updated successfully, but these errors were encountered: