f8e551cf08
When we load DER-encoded keys in the openssl-backend we always turn it into PEM-encoded keys (essentially we prepend and append a header and footer and use 'toBase64' on the DER data). The problem comes from the header and footer which is simply chosen based on which key algorithm was chosen by the user. Which would be wrong when the key is a PKCS#8 key. This caused OpenSSL to fail when trying to read it. Surprisingly it still loads correctly for unencrypted keys with the wrong header, but not for encrypted keys. This patch adds a small function which checks if a key is an encrypted PKCS#8 key and then uses this function to figure out if a PKCS#8 header and footer should be used (note that I only do this for encrypted PKCS#8 keys since, as previously mentioned, unencrypted keys are read correctly by openssl). The passphrase is now also passed to the QSslKeyPrivate::decodeDer function so DER-encoded files can actually be decrypted. [ChangeLog][QtNetwork][QSslKey] The openssl backend can now load encrypted PKCS#8 DER-encoded keys. Task-number: QTBUG-17718 Change-Id: I52eedf19bde297c9aa7fb050e835b3fc0db724e2 Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
8 lines
395 B
Plaintext
8 lines
395 B
Plaintext
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
|
MIHqMBwGCiqGSIb3DQEMAQEwDgQIS1fq1s4wBy4CAggABIHJsEjsk3aow+m3DXPe
|
|
1KCnwl0qXzzh96JCrtAa+2pWytp52+mZphUgnNXYkIoj0rdqJbr1y4/3t73ffVFG
|
|
TU/4401k2QTSKo2mObTxY811fnWImBbNG3BJVmoq8zvJuHrctfVQuKBQb9UFA7RF
|
|
E5WrYwkNXfRxgSsuUgtMvklHyxeAjxdZ0vWennUuPkJIa4XQhIY5gqMiume8dCGl
|
|
mDujTHUPhBjRKifaGQv2hvc8l7FgjUlUY1DcZIl0AapzF3jEXS/Se90FOE2M
|
|
-----END ENCRYPTED PRIVATE KEY-----
|