[
https://issues.apache.org/jira/browse/KUDU-3207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17281507#comment-17281507
]
Grant Henke commented on KUDU-3207:
-----------------------------------
I don't have a lot of background or context on the formats and encodings and
their purpose or benefits. I found this post to be super helpful for context
and sharing here in case anyone else could benefit from it:
https://stackoverflow.com/a/48960291
> Standardize RSA private key format
> ----------------------------------
>
> Key: KUDU-3207
> URL: https://issues.apache.org/jira/browse/KUDU-3207
> Project: Kudu
> Issue Type: Improvement
> Reporter: Attila Bukor
> Priority: Minor
> Labels: OpenSSL, security
>
> Currently, Kudu stores RSA private keys in PEM format using
> PEM_write_bio_RSAPrivateKey(), which doesn't specify the format in which the
> key is stored. It expects it to be PKCS #1 (BEGIN/END RSA PRIVATE KEY), but
> it seems there are some OpenSSL versions (CryptoComply) that use PKCS #8
> instead (BEGIN/END PRIVATE KEY). {{CryptoTest.RsaPrivateKeyInputOutputPEM}}
> fails due to this, as it compares the private key to an expected string,
> which is in PKCS #1 format. The read functions are explicitly said to handle
> any known format, so this shouldn't cause any issues, but it would still be
> nice to standardize on a single format (probably PKCS #8).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
