fix: try decode PKCS8 private key first (#1790)

Signed-off-by: Artur Troian <[email protected]>
akash-network · Mar 23, 2023 · 02d4cf5 · 02d4cf5
1 parent 86a9747
commit 02d4cf5
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/x/cert/utils/key_pair_manager.go b/x/cert/utils/key_pair_manager.go
@@ -265,17 +265,17 @@ func (kpm *keyPairManager) readImpl(fin io.Reader) ([]byte, []byte, []byte, erro
 
 	var privKeyPlaintext []byte
 
+	// PKCS#8 header defined in RFC7468 section 11
 	// nolint: gocritic
-	if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
+	if block.Type == "ENCRYPTED PRIVATE KEY" {
+		privKeyPlaintext, err = pemutil.DecryptPKCS8PrivateKey(block.Bytes, kpm.passwordBytes)
+	} else if block.Headers["Proc-Type"] == "4,ENCRYPTED" {
 		// nolint: staticcheck
 		privKeyPlaintext, err = x509.DecryptPEMBlock(block, kpm.passwordBytes)
 		if errors.Is(err, x509.IncorrectPasswordError) {
 			// nolint: staticcheck
 			privKeyPlaintext, err = x509.DecryptPEMBlock(block, kpm.passwordLegacy)
 		}
-		// PKCS#8 header defined in RFC7468 section 11
-	} else if block.Type == "ENCRYPTED PRIVATE KEY" {
-		privKeyPlaintext, err = pemutil.DecryptPKCS8PrivateKey(block.Bytes, kpm.passwordBytes)
 	} else {
 		return nil, nil, nil, errUnsupportedEncryptedPEM
 	}