Testing with a secp256r1 elliptic curve key, loaded from a Java key store . When exported to PKCS8 PEM from the key store, the output looks like this:
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgsX79T3NCPmkl7OLM
gLjXN5e8+9ZAgGYvfPtFMdNwzy+gCgYIKoZIzj0DAQehRANCAAS6tUlQ58fswzy2
TXFX+gj8Gtn0UVC8UYb56yxLxvuVpxAYuxR+c/4XhL9hASXW4jg9MJMstarwDQFc
+8nGvmas
-----END PRIVATE KEY-----
Loading this key in XCA (a GUI around OpenSSL) and then exporting it to PKCS8 PEM results in this:
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgsX79T3NCPmkl7OLM
gLjXN5e8+9ZAgGYvfPtFMdNwzy+hRANCAAS6tUlQ58fswzy2TXFX+gj8Gtn0UVC8
UYb56yxLxvuVpxAYuxR+c/4XhL9hASXW4jg9MJMstarwDQFc+8nGvmas
-----END PRIVATE KEY-----
However, when loading this key from the key store via Chilkat APIs and calling CkPrivateKey->GetPkcs8Pem, the output looks like this:
-----BEGIN PRIVATE KEY-----
MDECAQEEILF+/U9zQj5pJezizIC41zeXvPvWQIBmL3z7RTHTcM8voAoGCCqGSM49
AwEH
-----END PRIVATE KEY-----
Attempting to load this output in XCA errors out with: "Unable to load private key in file... . Tried PEM and DER private, public, PKCS#8 key types and SSH2 format."
This also errors out when attempting to import the output of GetPkcs8Pem with a key store manager app (Key Store Explorer): "Could not load the unencrypted PKCS #8 private key file. Possible reasons include: a) The file is not in PKCS #8 format b) The PKCS #8 private key file is corrupted."
However, walking the same procedure with a RSA key works as expected. I suspect GetPkcs8Pem does not export domain parameters, which would make this data useless.
What am I missing here?