Export Version 2 PKCS #8 Private Keys #34092

Closed
JonathanWilbur opened this issue Jun 28, 2020 · 2 comments
Labels
crypto Issues and PRs related to the crypto subsystem. feature request Issues that request new features to be added to Node.js. openssl Issues and PRs related to the OpenSSL dependency. wrong repo Issues that should be opened in another repository.


JonathanWilbur commented Jun 28, 2020

Is your feature request related to a problem? Please describe.
Currently, NodeJS exports PKCS 8 private keys as Version 1 PrivateKeyInfo objects, but as of 2010, RFC 5958 specifies Version 2. This only differs from Version 1 by optionally including the public key at the end of the object, and, of course, the version number being incremented.

Describe the solution you'd like
The ability to export Version 2 PKCS 8 Private Keys. All keys can be exported to Version 2 because the included public key at the end is still optional in Version 2. If it is too much work to generate public keys for all algorithms, the public key can be generated just for selected algorithms (presumably those most commonly used, such as RSA and DSA).

This would change Crypto.KeyObject.export() by adding a new export type: pkcs8v2. Again, if the public key cannot be generated, it will simply not be included in the export.

Describe alternatives you've considered
There are no native alternatives. You would have to use third-party crypto libraries to generate PKCS 8 Version 2 keys.
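
The version difference described in this issue can be checked directly on the DER that `KeyObject.export()` returns. The following is an added example, not part of the original issue and not Node.js or OpenSSL code: it parses the outer PKCS #8 structure to report the version and whether the optional `[1]` public key is present, then hand-assembles a Version 2 encoding for comparison. The helper names (`readTlv`, `inspectPkcs8`, `toV2Ed25519`, `demo`) are hypothetical, and the Version 2 builder assumes an Ed25519 key.

```javascript
const crypto = require('node:crypto');

// Read one DER TLV at `off`; returns the tag and the value's byte range.
function readTlv(buf, off) {
  let len = buf[off + 1];
  let pos = off + 2;
  if (len & 0x80) { // long form: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4) throw new Error('unsupported DER length');
    len = buf.readUIntBE(pos, n);
    pos += n;
  }
  if (pos + len > buf.length) throw new Error('truncated DER');
  return { tag: buf[off], start: pos, end: pos + len };
}

// Report the version (encoded INTEGER 0 = Version 1, 1 = Version 2) and optional fields.
function inspectPkcs8(der) {
  const seq = readTlv(der, 0);
  const ver = readTlv(der, seq.start);
  if (seq.tag !== 0x30 || ver.tag !== 0x02) throw new Error('not PKCS #8');
  const alg = readTlv(der, ver.end); // privateKeyAlgorithm
  const key = readTlv(der, alg.end); // privateKey OCTET STRING
  const info = { version: der[ver.start] + 1, hasAttributes: false, hasPublicKey: false };
  for (let off = key.end; off < seq.end;) {
    const field = readTlv(der, off);
    if (field.tag === 0xa0) info.hasAttributes = true; // [0] attributes
    if (field.tag === 0x81) info.hasPublicKey = true;  // [1] publicKey, Version 2 only
    off = field.end;
  }
  return info;
}

// Assumption: Ed25519 only (raw public key = last 32 bytes of the SPKI).
function toV2Ed25519(privateKey) {
  const v1 = privateKey.export({ type: 'pkcs8', format: 'der' });
  const spki = crypto.createPublicKey(privateKey).export({ type: 'spki', format: 'der' });
  const body = v1.subarray(readTlv(v1, 0).start);
  const pub = Buffer.concat([Buffer.from([0x81, 0x21, 0x00]), spki.subarray(-32)]);
  const out = Buffer.concat([Buffer.from([0x30, body.length + pub.length]), body, pub]);
  out[4] = 1; // version INTEGER value v2(1)
  return out;
}

function demo() {
  const { privateKey } = crypto.generateKeyPairSync('ed25519');
  const v1 = privateKey.export({ type: 'pkcs8', format: 'der' }); // what Node emits
  return { node: inspectPkcs8(v1), v2: inspectPkcs8(toV2Ed25519(privateKey)) };
}
console.log(demo());
```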

@bnoordhuis added the crypto, feature request, openssl and wrong repo labels Jun 29, 2020
@bnoordhuis
Member

I think you'd have to take this up with openssl. Node.js doesn't implement the encoder itself, it calls openssl's i2d_PKCS8PrivateKey_bio() API function.

I'm 95% sure openssl currently has no support for writing out private keys in the format you request.

@bnoordhuis
Member

Digging around openssl's bug tracker I found openssl/openssl#10468 requesting exactly this feature. I'll go ahead and close this issue for now but it can be reopened if it turns out changes are needed on node's side.

I might contribute a patch to openssl if I can find some spare cycles but no hard feelings if someone beats me to it, of course.
