[PR #7180] [CLOSED] option to use encrypted rsa key #23425

Closed
opened 2026-05-16 06:00:29 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/7180
Author: @pieska
Created: 5/3/2026
Status: Closed

Base: main ← Head: encrypted_rsa_key


📝 Commits (1)

  • 18a1b00 add optional encryption to rsa_key.pem

📊 Changes

3 files changed (+58 additions, -6 deletions)

📝 src/auth.rs (+50 -5)
📝 src/config.rs (+7 -0)
📝 src/main.rs (+1 -1)

📄 Description

I'm not a Rust pro, but I tried to implement creating/loading of an encrypted RSA key:

  • no passphrase set, no keyfile found -> unencrypted pkcs1 created, no change

  • no passphrase set, key unencrypted -> key will be loaded, no change

  • no passphrase set, key encrypted -> error and exit

  • passphrase set, no keyfile found -> encrypted pkcs1 created

  • passphrase set, key unencrypted -> issue warning but key will be loaded

  • passphrase set, key encrypted (pkcs1 or pkcs8) -> key will be loaded and decrypted

passphrase can be set in RSA_KEY_PASSPHRASE or in RSA_KEY_PASSPHRASE_FILE

encrypt existing keys:

  • pkcs1
    openssl rsa -in rsa_key.pem -aes256 -out rsa_key_encrypted.pem -traditional

  • pkcs8
    openssl rsa -in rsa_key.pem -aes256 -out rsa_key_encrypted.pem

  • check
    openssl rsa -in rsa_key_encrypted.pem -check

  • check with passphrase file
    openssl rsa -in rsa_key_encrypted.pem -check -passin file:rsa_key.pass


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
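
The six load-time cases in the description, as an added example that is not the PR's code: a std-only Rust program that tells the key formats apart by their PEM armor and maps (passphrase set, key state) to the described outcome. The names `KeyState`, `Action`, `classify_pem` and `decide` are hypothetical, the sample PEM is constructed, and treating an unencrypted PKCS#8 key as "key unencrypted" is an assumption.

```rust
// Added example, not Vaultwarden's code; all names are hypothetical.
#[derive(Debug, PartialEq)]
enum KeyState { Missing, Plain, EncryptedPkcs1, EncryptedPkcs8 }

#[derive(Debug, PartialEq)]
enum Action { CreatePlain, CreateEncrypted, Load, LoadWithWarning, Decrypt, Fail }

/// Classify a key file from its PEM armor alone; no key material is parsed.
fn classify_pem(pem: Option<&str>) -> Result<KeyState, String> {
    let Some(text) = pem else { return Ok(KeyState::Missing) };
    let mut lines = text.lines().map(str::trim).skip_while(|l| l.is_empty());
    match lines.next() {
        // PKCS#8 signals encryption in the label itself.
        Some("-----BEGIN ENCRYPTED PRIVATE KEY-----") => Ok(KeyState::EncryptedPkcs8),
        // Assumption: an unencrypted PKCS#8 key counts as "key unencrypted".
        Some("-----BEGIN PRIVATE KEY-----") => Ok(KeyState::Plain),
        // Traditional (PKCS#1) keys keep the label and add RFC 1421 headers.
        Some("-----BEGIN RSA PRIVATE KEY-----") => {
            let encrypted = lines
                .take_while(|l| !l.is_empty() && !l.starts_with("-----"))
                .any(|l| l.replace(' ', "").eq_ignore_ascii_case("Proc-Type:4,ENCRYPTED"));
            Ok(if encrypted { KeyState::EncryptedPkcs1 } else { KeyState::Plain })
        }
        other => Err(format!("unrecognised PEM label: {other:?}")),
    }
}

/// The six cases listed in the PR description.
fn decide(passphrase_set: bool, state: &KeyState) -> Action {
    match (passphrase_set, state) {
        (false, KeyState::Missing) => Action::CreatePlain,
        (false, KeyState::Plain) => Action::Load,
        (false, _) => Action::Fail, // encrypted key, nothing to decrypt it with
        (true, KeyState::Missing) => Action::CreateEncrypted,
        (true, KeyState::Plain) => Action::LoadWithWarning,
        (true, _) => Action::Decrypt,
    }
}

fn main() {
    // Constructed sample: armor and headers only, the body is a placeholder.
    let pem = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\
               DEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n";
    let state = classify_pem(Some(pem)).unwrap();
    println!("{:?}: no passphrase -> {:?}", state, decide(false, &state));
    println!("{:?}: passphrase    -> {:?}", state, decide(true, &state));
}
```
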

GiteaMirror added the pull-request label 2026-05-16 06:00:29 -05:00
Reference: github-starred/vaultwarden#23425