The PKCS#8 private key format supports stronger encryption than the traditional OpenSSL format (aka PKCS#1). IPA should use the modern PKCS#8 format for better encryption and FIPS compatibility. The modern format is widely supported.
See https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#serialization-formats
The only public use of private key export is through write_pem_private_key(). The helper function is only used to dump a private key for Apache HTTPD in case of a PKCS#12 export. All other cases (e.g. RA agent cert) are directly created as PKCS#8 files.
write_pem_private_key()
master:
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.