Too complicated a way to upload a RSA key using the API

dblas · December 5, 2023, 8:47pm

Hello,
Frankly, extracting the components (primeP, primeQ, etc) simply from a private key stored in a PKCS#8 / PKCS#1 format is not … obvious.
Of course you can write a dedicated program but knowing that openssl is present everywhere …
openssl pkey can print these components but they are printed out as a whole block that is hexa-encoded.
So,

Why the API doesn’t accept a PKCS#8/#1 formatted key (PEM or DER encoded) as a native format?
Can you suggest a simple way to extract the required parameters (prime1, prime2, modulus) from a private key (PKCS#8/#1 - encoded)?

Thank you,
db

robin-nitrokey · January 2, 2024, 2:51pm

The POST /keys and PUT /keys/{KeyID} endpoints have two possible bodies: application/json and multipart/form-data. The multipart/form-data body accepts a key file in PEM encoding.