From db06098fdd9d2715262cb5519e6b75ff3d51511d Mon Sep 17 00:00:00 2001
From: William Petit
Date: Fri, 5 Jan 2024 09:55:10 +0100
Subject: [PATCH] fix: generate non encrypted key when passphrase is empty
---
 crypto/pem.go | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/crypto/pem.go b/crypto/pem.go
index 83c37e1..91cfcd9 100644
--- a/crypto/pem.go
+++ b/crypto/pem.go
@@ -53,21 +53,21 @@ func DecodePEMEncryptedPrivateKey(key []byte, passphrase []byte) (*rsa.PrivateKe
 }
 func EncodePrivateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
- if passphrase == nil {
- return nil, errors.New("passphrase cannot be empty")
- }
-
 block := &pem.Block{
 Type: "RSA PRIVATE KEY",
 Bytes: x509.MarshalPKCS1PrivateKey(key),
 }
- block, err := x509.EncryptPEMBlock(
- rand.Reader, block.Type,
- block.Bytes, passphrase, x509.PEMCipherAES256,
- )
- if err != nil {
- return nil, errors.WithStack(err)
+ if len(passphrase) != 0 {
+ encryptedBlock, err := x509.EncryptPEMBlock(
+ rand.Reader, block.Type,
+ block.Bytes, passphrase, x509.PEMCipherAES256,
+ )
+ if err != nil {
+ return nil, errors.WithStack(err)
+ }
+
+ block = encryptedBlock
 }
 return pem.EncodeToMemory(block), nil
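Review bot: With the new `if len(passphrase) != 0` guard, `EncodePrivateKeyToEncryptedPEM` returns a plaintext `RSA PRIVATE KEY` block whenever the passphrase is nil or empty, so a caller whose passphrase failed to load (unset variable, empty config value) gets an unencrypted key and no error, from a function whose name still promises encryption. I would keep this function strict, widening the old nil check to an empty-length check, and move the unencrypted path into a separately named encoder that callers choose explicitly, as sketched below; the helper name is only a suggestion, and existing callers that rely on the new behaviour would need to switch to it. Whether `DecodePEMEncryptedPrivateKey` accepts an unencrypted block is not visible in this hunk and should be confirmed so keys written this way can be read back. Separately, `x509.EncryptPEMBlock` has been deprecated since Go 1.16 because RFC 1423 PEM encryption does not authenticate the ciphertext, so even the encrypted branch gives weaker protection than the name suggests. The function's closing brace lies outside the hunk.

```go
// EncodePrivateKeyToPEM returns key as an unencrypted PKCS#1 PEM block.
// Calling it is an explicit choice to store the key without a passphrase.
func EncodePrivateKeyToPEM(key *rsa.PrivateKey) []byte {
	return pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	})
}

func EncodePrivateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
	// Fail closed: never emit a plaintext key from the encrypting encoder.
	if len(passphrase) == 0 {
		return nil, errors.New("passphrase cannot be empty")
	}
	// … unchanged: block construction, x509.EncryptPEMBlock call, pem.EncodeToMemory …
```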