Validate PEM Format for RSA Private Key

[tromboman]

According to RFC 7468 PKIX Textual Encodings (Chapter 10/11) the Textual Encoding of Private Key Info use the "PRIVATE KEY" label. Encrypted Private Key Info use the "ENCRYPTED PRIVATE KEY" label.
So the key file can also start/end with the following lines

-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----

or

-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----

depending on the application, which creates the key file.

For example, the openssl application with the genpkey command creates PEM files with the aforementioned labels.
Also the openssl req command with the -newkey rsa:2048 option creates this kind of label.
According to the man page, the openssl genrsa command is superseded by genpkey for the generation of RSA Private Keys.

Therefore, it might be a good idea to replace

 openssl genrsa -out $CERT_NAME.key 2048

by

 openssl genpkey -out $CERT_NAME.key -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048

in the README.rst

pretix-passbook/pretix_passbook/forms.py

Line 18 in 28bd14e

if not value.startswith('-----BEGIN RSA PRIVATE KEY-----') or not value.endswith('-----END RSA PRIVATE KEY-----'):

pretix-passbook/README.rst

Line 45 in 28bd14e

openssl genrsa -out $CERT_NAME.key 2048