Skip to content

Commit c7d3990

Browse files
authored
fix: use modern PKCS#8 for key serialization (#547)
This will allow us to eventually add support for post-quantum signature keys like ML-DSA. The PKCS#1 format (TraditionalOpenSSL) does not suport such keys and is a legacy format.
1 parent 13824ea commit c7d3990

2 files changed

Lines changed: 2 additions & 2 deletions

File tree

google/cloud/alloydbconnector/utils.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ async def _write_to_file(
3535

3636
key_bytes = key.private_bytes(
3737
encoding=serialization.Encoding.PEM,
38-
format=serialization.PrivateFormat.TraditionalOpenSSL,
38+
format=serialization.PrivateFormat.PKCS8,
3939
encryption_algorithm=serialization.NoEncryption(),
4040
)
4141

tests/unit/mocks.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -459,7 +459,7 @@ def write_static_info(i: FakeInstance) -> io.StringIO:
459459
)
460460
priv_pem = priv_key.private_bytes(
461461
encoding=serialization.Encoding.PEM,
462-
format=serialization.PrivateFormat.TraditionalOpenSSL,
462+
format=serialization.PrivateFormat.PKCS8,
463463
encryption_algorithm=serialization.NoEncryption(),
464464
).decode("UTF-8")
465465
ca_cert, chain = i.generate_pem_certificate_chain(pub_pem)

0 commit comments

Comments
 (0)