Improve error message with mismatched PEM headers #13118

@johnhar

I have an RSA private key for a SaaS API that I access. The SaaS vendor creates the RSA private key.

serialization.load_pem_private_key() up to v44.0.3 worked with the key. v45.0.0 and later raises this exception:
ValueError: Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters). Details: ASN.1 parsing error: unexpected tag (got Tag { value: 16, constructed: true, class: Universal })

It turns out that this is a PKCS#8 format but the PEM file has -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- which apparently is for PKCS#1 format. If I change the file to change "RSA PRIVATE KEY" to "PRIVATE KEY" (expected for PKCS#8), then I can serialize.

While I will work with the vendor to get this changed, I have no guarantee that they will. So, is it possible to provide more details in the exception as to what to look for and fix, or provide some debugging script/method that analyzes for any issues like this?
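
An added example (not from the issue author or the cryptography project) of the kind of check the issue asks for: using only the Python standard library, it compares the PEM label with the first DER fields of the body and names the label that matches. The names `sniff_der` and `diagnose` and the sample bytes are constructed for illustration, and unencrypted RSA keys are assumed.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# PEM label -> ASN.1 structure that label promises
EXPECTED = {"RSA PRIVATE KEY": "PKCS#1", "PRIVATE KEY": "PKCS#8"}

# Constructed sample: PKCS#8-shaped DER (not a real key) under the PKCS#1 label.
_SAMPLE_DER = bytes.fromhex("3016020100300d06092a864886f70d01010105000402aabb")
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n" + base64.b64encode(_SAMPLE_DER).decode()
              + "\n-----END RSA PRIVATE KEY-----\n")

def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def sniff_der(der):
    """Classify an unencrypted private-key blob by its first two fields."""
    tag, start, _ = _read_tlv(der, 0)
    if tag != 0x30:                       # outer SEQUENCE
        return "unknown"
    tag, _, after_version = _read_tlv(der, start)
    if tag != 0x02:                       # version INTEGER
        return "unknown"
    tag, _, _ = _read_tlv(der, after_version)
    # PKCS#1 continues with the modulus INTEGER, PKCS#8 with an
    # AlgorithmIdentifier SEQUENCE (universal tag 16, constructed).
    return {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(tag, "unknown")

def diagnose(pem_text):
    """Return (label, detected, hint); hint is None when nothing is wrong."""
    m = PEM_RE.search(pem_text)
    if not m:
        return None, "unknown", "no PEM block found"
    label, expected = m.group(1), EXPECTED.get(m.group(1))
    try:
        detected = sniff_der(base64.b64decode("".join(m.group(2).split())))
    except (IndexError, ValueError):
        return label, "unknown", "body is not parseable DER"
    if expected and detected != "unknown" and detected != expected:
        fix = next(k for k, v in EXPECTED.items() if v == detected)
        return label, detected, f"label promises {expected}, body is {detected}; use '{fix}'"
    return label, detected, None
```

Calling `diagnose(SAMPLE_PEM)` reports the same mismatch described in the issue: a PKCS#8 body under the `RSA PRIVATE KEY` label.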
