Add option to save a private key using PKCS #8
Description
Some frameworks do not support PKCS #1 OR SEC1 EC formats for the private key and require the use of PKCS #8.
See smallstep/autocert#17 (comment)
We should add the flag --pkcs8 or --format pkcs8 to at least the following commands:
step ca certificatestep ca signstep ca renew
Autocert should also support this option.
Currently we can transform a PKCS #1 or SEC1 EC key to PKCS #8 using:
step crypto key format --pkcs8 --pem --no-password --insecure --out site.pkcs8.pem site.pem
Update
We should default to store private keys, specially the encrypted ones using PKCS#8 and perhaps add a way to use PKCS #1 / SEC1 EC on step ca commands.
Add option to save a private key using PKCS #8Description
Some frameworks do not support
PKCS #1ORSEC1 ECformats for the private key and require the use ofPKCS #8.See smallstep/autocert#17 (comment)
We should add the flag--pkcs8or--format pkcs8to at least the following commands:step ca certificatestep ca signstep ca renewAutocert should also support this option.
Currently we can transform a PKCS #1 or SEC1 EC key to PKCS #8 using:
Update
We should default to store private keys, specially the encrypted ones using PKCS#8 and perhaps add a way to use
PKCS #1/SEC1 EConstep cacommands.