Validate PEM Format for RSA Private Key
Opened this issue · 0 comments
According to RFC 7468 PKIX Textual Encodings (Chapter 10/11) the Textual Encoding of Private Key Info use the "PRIVATE KEY" label. Encrypted Private Key Info use the "ENCRYPTED PRIVATE KEY" label.
So the key file can also start/end with the following lines
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----
or
-----BEGIN ENCRYPTED PRIVATE KEY-----
...
-----END ENCRYPTED PRIVATE KEY-----
depending on the application, which creates the key file.
For example, the openssl
application with the genpkey
command creates PEM files with the aforementioned labels.
Also the openssl req
command with the -newkey rsa:2048
option creates this kind of label.
According to the man page, the openssl genrsa
command is superseded by genpkey
for the generation of RSA Private Keys.
Therefore, it might be a good idea to replace
openssl genrsa -out $CERT_NAME.key 2048
by
openssl genpkey -out $CERT_NAME.key -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
in the README.rst
pretix-passbook/pretix_passbook/forms.py
Line 18 in 28bd14e
Line 45 in 28bd14e