I just shared it with a bunch of people while also telling them that I didn’t care if they didn’t get it and I wasn’t going to explain it.

They’re used to this.

Edit: 2 of them got it. That’s pretty good for me. I’ve played to smaller crowds.

That’s why we come to the internet. Real life people suck.

I have exactly one person and they loved it.

I shared it to the memes group at work, as a developer

That’s why I have a sister studying cyber sec 😎

If you had to explain it, how would you?

Yeah, except for the first few bytes. PKCS8 has some initial header information, but most of it is the OCTET_STRING of the private key itself.

The PEM (human “readable”) version is Base64, so you can craft up a string and make that your key. DER is that converted to binary again:

/**
 * @see https://datatracker.ietf.org/doc/html/rfc5208#section-5
 * @see https://datatracker.ietf.org/doc/html/rfc2313#section-11
 * Unwraps PKCS8 Container for internal key (RSA or EC)
 * @param {string|Uint8Array} pkcs8
 * @param {string} [checkOID]
 * @return {Uint8Array} DER
 */
export function privateKeyFromPrivateKeyInformation(pkcs8, checkOID) {
  const der = derFromPrivateKeyInformation(pkcs8);
  const [
    [privateKeyInfoType, [
      [versionType, version],
      algorithmIdentifierTuple,
      privateKeyTuple,
    ]],
  ] = decodeDER(der);
  if (privateKeyInfoType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
  if (versionType !== 'INTEGER') throw new Error('Invalid PKCS8');
  if (version !== 0) throw new Error('Unsupported PKCS8 Version');
  const [algorithmIdentifierType, algorithmIdentifierValues] = algorithmIdentifierTuple;
  if (algorithmIdentifierType !== 'SEQUENCE') throw new Error('Invalid PKCS8');
  const [privateKeyType, privateKey] = privateKeyTuple;
  if (privateKeyType !== 'OCTET_STRING') throw new Error('Invalid PKCS8');
  if (checkOID) {
    for (const [type, value] of algorithmIdentifierValues) {
      if (type === 'OBJECT_IDENTIFIER' && value === checkOID) {
        return privateKey;
      }
    }
    return null; // Not an error, just doesn't match
  }

  return privateKey;
}

I wrote a “plain English” library in Javascript to demystify all the magic of Let’s Encrypt, ACME, and all those certificates. (Also to spin up my own certs in NodeJS/Chrome).

https://github.com/clshortfuse/acmejs/blob/96fcbe089f0f949f9eb6830ed2d7bc257ea8dc32/utils/certificate/privateKeyInformation.js#L40

Edit: To be specific, PKCS8 is usually a PKCS1 (RSA) key with some wrapping to identify it (the OID). The integers (BigInts) you pick for RSA would have to line up in some way, but I would think it’s doable. At worst there is maybe a character or two of garbage at the breakpoints for the RSA integers. And if you account for which ones are absent in the public key, then anybody reading it could get a kick out of reading your public certificate.

It’s assymetric crypto. You’d need to find a matching public key. Or it’s just some useless characters. I suppose that’s impossible, or what we call that… Like take a few billion years to compute. But I’m not an expert on RSA.

https://libraryofbabel.info/

It the length not the content for the most part. Some keys have syntax such as leading or trailing characters.

I’m in your exact camp.

I have literally one friend who would get this, and I try not to bombard him with memes, as I can tell it gets on his nerves sometimes, even when he thinks it’s funny.

It’s lady gaga.

If you’ve followed her at all, even indirectly, this is NOT the weirdest thing she’s done, and bluntly, the weirder stuff wasn’t justified (to the public at least).

I’m not trying to throw shade at Gaga at all. Lady, let your freak flag fly all day long. You don’t need my permission to do it, but if you want it, you got it. Weird isn’t bad, it’s just weird.

IMO, at this point, gaga doesn’t need a reason to be weird.