If I provide a private key that's not of exactly the expected format, it is wrongly treated as a filename.
Here the code insists that a private key have header -----BEGIN RSA PRIVATE KEY-----.
I believe that this is effectively forcing people to use the PKCS1 format; but PKCS8 is nowadays generally preferred.
E.g. openssl genpkey -out private.key -algorithm RSA will generate a key that begins -----BEGIN PRIVATE KEY----- (note no "RSA" here).
Propose that if you want to check whether a string is a private key, it would be better to do this by using a cryptographic library and trying to load it. Failing that, please allow valid keys in modern format.
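The parse-based check proposed above, as an added example that is not the project's own code: it is written in Go with only the standard library (an assumption, since the report does not name the project's language), and `parsePrivateKey` and `samplePEM` are hypothetical names. It accepts both the PKCS#1 and PKCS#8 PEM encodings and rejects anything that does not parse as a key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parsePrivateKey decides by parsing, not by matching one header string.
// An error means "not inline key material"; a caller may then try it as a path.
func parsePrivateKey(s string) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode([]byte(s))
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	switch block.Type {
	case "RSA PRIVATE KEY": // PKCS#1
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY": // PKCS#8, as written by openssl genpkey
		k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if rk, ok := k.(*rsa.PrivateKey); ok {
			return rk, nil
		}
		return nil, fmt.Errorf("PKCS#8 block is not a usable RSA key (%T): %v", k, err)
	}
	return nil, fmt.Errorf("unsupported PEM type %q", block.Type)
}

// samplePEM generates a throwaway key in either encoding (constructed input).
func samplePEM(pkcs8 bool) string {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	typ, der := "RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(key)
	if pkcs8 {
		typ = "PRIVATE KEY"
		der, _ = x509.MarshalPKCS8PrivateKey(key) // cannot fail for an RSA key
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der}))
}

func main() {
	for _, in := range []string{samplePEM(false), samplePEM(true), "private.key"} {
		_, err := parsePrivateKey(in)
		fmt.Println("inline key:", err == nil, "error:", err)
	}
}
```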