Add support for encrypted PEM keys via BoringSSL #428
Sources/CryptoExtras/RSA/RSA.swift
Outdated
| /// - encryptionPassword: The password used to decrypt the PEM representation. | ||
| /// | ||
| /// - Throws: An error if the key could not be initialized. | ||
| public init(encryptedPEMRepresentation: String, encryptionPassword: String) throws { |
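Review bot: The `- Throws:` line of this doc comment only says "An error if the key could not be initialized", so the documentation does not tell a caller whether a wrong `encryptionPassword` and a malformed `encryptedPEMRepresentation` surface as the same error. Suggest naming the error thrown in each case, or stating explicitly that the two are not distinguished.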
Historically we've been nervous about accepting passphrases as Strings: it's not really an ideal way to handle the passphrase. It may be worth looking at what swift-nio-ssl does, where we accept a callback into which the user can write the passphrase. Many users will still use Strings, of course, but it's nicer to offer something that at least can be used safely.
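The callback shape described in the comment above, as an added sketch that is not code from this PR, swift-crypto or swift-nio-ssl. All type and function names are hypothetical, and the `body` closure stands in for the PEM decryption step.

```swift
import Foundation

// Hypothetical names; this sketches the callback shape, not a real library API.
typealias PassphraseSetter = (UnsafeRawBufferPointer) -> Void
typealias PassphraseCallback = (PassphraseSetter) throws -> Void

enum PassphraseError: Error { case notProvided, tooLong }

/// Collects the passphrase into a library-owned buffer, hands it to `body`
/// (standing in for the PEM decryption step), then wipes and frees the buffer.
func withPassphrase<R>(
    maxLength: Int = 1024,
    from callback: PassphraseCallback,
    _ body: (UnsafeRawBufferPointer) throws -> R
) throws -> R {
    let storage = UnsafeMutableRawBufferPointer.allocate(byteCount: maxLength, alignment: 1)
    defer {
        // Illustrative wipe; production code should use a zeroing primitive
        // the optimizer is not allowed to remove.
        storage.initializeMemory(as: UInt8.self, repeating: 0)
        storage.deallocate()
    }
    var length: Int? = nil
    var tooLong = false
    try callback { bytes in
        if bytes.count > maxLength { tooLong = true; return }
        storage.copyMemory(from: bytes)
        length = bytes.count
    }
    if tooLong { throw PassphraseError.tooLong }
    guard let count = length else { throw PassphraseError.notProvided }
    return try body(UnsafeRawBufferPointer(rebasing: storage[..<count]))
}

// Caller side: the secret lives in a byte array the caller can overwrite,
// which a String does not reliably allow.
var secret = Array("constructed-sample-passphrase".utf8)  // constructed value
let seen = try withPassphrase(from: { setter in secret.withUnsafeBytes(setter) }) { $0.count }
for i in secret.indices { secret[i] = 0 }
print("decryption step saw \(seen) bytes; caller copy wiped")
```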
Hi @Lukasa, I implemented the passphrase callback by copying the NIOSSL implementation.
Regarding the license and attribution for the copied code, NOTICE.txt already contains a link to Swift NIO, but let me know if there's anything else I need to add regarding the license.
Lukasa left a comment
Shiny, this looks really nice. Thanks so much! ✨
Hi @Lukasa, I formatted the code; it was the only CI check that failed. Is it possible to merge and release this code now?
Add support for creating RSA private keys from encrypted PEM files.
Checklist
If you've made changes to gyb files
./scripts/generate_boilerplate_files_with_gyb.sh and included updated generated files in a commit of this pull request
Motivation:
Resolves #264
Modifications:
Adds an initializer to _RSA.Signing.PrivateKey that takes the encrypted PEM representation and the encryption password and calls the high-level BoringSSL function to parse the encrypted key format.
Tests were copied from #318 by @ptoffy.
Result:
RSA private keys can be created from encrypted PEM files.