Use PKCS#8 instead of traditional privkey format

The modern PKCS#8 private key format supports better encryption standard and is preferable over traditional, weak PKCS#1 key format. Fixes: https://pagure.io/freeipa/issue/7943 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Oleg Kozlov <okozlov@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-05-13 16:30:42 +02:00
parent 7b8a2af219
commit 2042b5a0d2
2 changed files with 2 additions and 1 deletions
--- a/ipalib/x509.py
+++ b/ipalib/x509.py
@@ -596,7 +596,7 @@ def write_pem_private_key(priv_key, filename, passwd=None):
            os.fchmod(fp.fileno(), 0o600)
            fp.write(priv_key.private_bytes(
                Encoding.PEM,
-                PrivateFormat.TraditionalOpenSSL,
+                PrivateFormat.PKCS8,
                encryption_algorithm=enc_alg))
    except (IOError, OSError) as e:
        raise errors.FileError(reason=str(e))