Skip to content

Transition private keys from PKCS#1 to PKCS#8

Compare
Choose a tag to compare
@vfidevbot vfidevbot released this 12 Jan 18:08
· 890 commits to master since this release
v4.17.0
2cc08f3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

PLEASE READ BEFORE UPGRADING TO THIS VERSION (OR HIGHER)

  • Private keys are now output in PKCS#8 format by default with --csr local and --csr service options.
  • --format legacy-pem was added so users can still get private keys in the deprecated PKCS#1 format for legacy applications.
  • Added prescriptive error message when certificates are requested from Trust Protection Platform using --csr service that the private key PBE (password-based encryption) algorithm policy needs to be set to either "SHA1 3DES" or "SHA256 AES256".
    ⚠️ This is a breaking change (upgrade issue) that was done in the interest of improved security
  • Note: the default PBE algorithm changed to "SHA256 AES256" in TPP 21.3 and would have had to have been reduced to "MD5 DES" in order to work with --csr service in previous versions of VCert
c8bae97dd0eacdc2175bca16bf8fbc2281d51da3  vcert_v4.17.0_darwin.zip
743d69d1240b61c81a05d15cee9afa4b3f96ffdf  vcert_v4.17.0_linux.zip
f281162664827830668fe1e507b25cbad2e2227f  vcert_v4.17.0_linux86.zip
c2317aa0cd5a71bf802df6e30aab4de3802203d1  vcert_v4.17.0_windows.zip
d0e0481c9dc39e1a52cd5f89a696f48bab94b6f1  vcert_v4.17.0_windows86.zip
Assets 7
Loading