-----BEGIN PRIVATE KEY-----

zephyr@lemmy.world to linuxmemes@lemmy.world · 5 months ago · 70 comments
ShortFuse@lemmy.world · 5 months ago (edited)

Yeah, except for the first few bytes. PKCS8 has some initial header information, but most of it is the OCTET_STRING of the private key itself.

The PEM (human “readable”) version is Base64, so you can craft up a string and make that your key. DER is that converted to binary again:

```javascript
/**
 * @see https://datatracker.ietf.org/doc/html/rfc5208#section-5
 * @see https://datatracker.ietf.org/doc/html/rfc2313#section-11
 * Unwraps PKCS8 Container for internal key (RSA or EC)
 * @param {string|Uint8Array} pkcs8
 * @param {string} [checkOID]
 * @return {Uint8Array} DER
 */
export function privateKeyFromPrivateKeyInformation(pkcs8, checkOID) {
  const der = derFromPrivateKeyInformation(pkcs8);
  // PrivateKeyInfo ::= SEQUENCE { version, privateKeyAlgorithm, privateKey }
  const [
    [privateKeyInfoType, [
      [versionType, version],
      algorithmIdentifierTuple,
      privateKeyTuple,
    ]],
  ] = decodeDER(der);
  if (privateKeyInfoType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
  if (versionType !== 'INTEGER') throw new Error('Invalid PKCS8');
  if (version !== 0) throw new Error('Unsupported PKCS8 Version');
  const [algorithmIdentifierType, algorithmIdentifierValues] = algorithmIdentifierTuple;
  if (algorithmIdentifierType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
  const [privateKeyType, privateKey] = privateKeyTuple;
  if (privateKeyType !== 'OCTET_STRING') throw new Error('Invalid PKCS8');
  if (checkOID) {
    for (const [type, value] of algorithmIdentifierValues) {
      if (type === 'OBJECT_IDENTIFIER' && value === checkOID) {
        return privateKey;
      }
    }
    return null; // Not an error, just doesn't match
  }
  return privateKey;
}
```

I wrote a “plain English” library in JavaScript to demystify all the magic of Let’s Encrypt, ACME, and all those certificates.

https://github.com/clshortfuse/acmejs/blob/96fcbe089f0f949f9eb6830ed2d7bc257ea8dc32/utils/certificate/privateKeyInformation.js#L40
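The layout described in the comment above, as an added example that is not part of the original comment or of acmejs: a dependency-free Node.js walk of a PKCS8 PEM that reports how many leading bytes are framing and where the key OCTET STRING begins. The sample key is constructed (Ed25519 framing around seed bytes 0x00..0x1f), and the names `pemToDer`, `readTLV` and `splitPkcs8` are hypothetical.

```javascript
// Constructed sample (not a real key): Ed25519 PKCS8 framing around a seed of 0x00..0x1f.
const HEADER = [0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20];
const SEED = Array.from({ length: 32 }, (_, i) => i);
const SAMPLE_PEM = `-----BEGIN PRIVATE KEY-----\n${Buffer.from([...HEADER, ...SEED]).toString('base64')}\n-----END PRIVATE KEY-----`;

// PEM -> DER: drop the BEGIN/END armor and whitespace, then Base64-decode the body.
function pemToDer(pem) {
  const body = pem.replace(/-----(BEGIN|END) PRIVATE KEY-----/g, '').replace(/\s+/g, '');
  return Buffer.from(body, 'base64');
}

// Read one DER tag-length-value at `offset`; returns the tag and the content bounds.
function readTLV(der, offset) {
  const tag = der[offset];
  let length = der[offset + 1];
  let start = offset + 2;
  if (tag === undefined || length === undefined) throw new Error('Truncated DER');
  if (length & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = length & 0x7f;
    if (n === 0 || n > 4) throw new Error('Unsupported DER length');
    length = 0;
    for (let i = 0; i < n; i++) length = length * 256 + der[start + i];
    start += n;
  }
  const end = start + length;
  if (!(end <= der.length)) throw new Error('Truncated DER'); // also rejects NaN
  return { tag, start, end };
}

// PrivateKeyInfo ::= SEQUENCE { version INTEGER, algorithm SEQUENCE, privateKey OCTET STRING }
function splitPkcs8(pem) {
  const der = pemToDer(pem);
  const outer = readTLV(der, 0);
  if (outer.tag !== 0x30) throw new Error('Invalid PKCS8');
  const version = readTLV(der, outer.start);
  if (version.tag !== 0x02 || der[version.start] !== 0) throw new Error('Unsupported PKCS8 Version');
  const algorithm = readTLV(der, version.end);
  if (algorithm.tag !== 0x30) throw new Error('Invalid PKCS8');
  const key = readTLV(der, algorithm.end);
  if (key.tag !== 0x04) throw new Error('Invalid PKCS8');
  return {
    headerBytes: key.start, // bytes of framing before the OCTET STRING content
    algorithm: der.subarray(algorithm.start, algorithm.end).toString('hex'),
    privateKey: der.subarray(key.start, key.end), // for Ed25519 this is a nested OCTET STRING
  };
}
```

For the constructed sample, `splitPkcs8(SAMPLE_PEM)` reports 14 framing bytes, and the 34-byte OCTET STRING content is itself `04 20` followed by the 32-byte seed.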