From 05bab2c90fb02546bd327609a18193a2cddfeda3 Mon Sep 17 00:00:00 2001
From: Jackson Roberts <jrobe3221@gmail.com>
Date: Wed, 25 Feb 2026 21:56:09 -0600
Subject: [PATCH] convert PKCS#1 keys to PKCS#8 at load time

---
 src/constants.ts | 28 +++++++++++++++++++++-------
 1 file changed, 21 insertions(+), 7 deletions(-)

diff --git a/src/constants.ts b/src/constants.ts
index 14c67a9..6a5767b 100644
--- a/src/constants.ts
+++ b/src/constants.ts
@@ -35,25 +35,39 @@ const readKeyFile = (path: string) => readFileSync(path).toString();
  * so we normalize all keys to PKCS#8 at load time.
  */
 const toPkcs8Private = (pem: string) =>
-  crypto.createPrivateKey({ key: pem, format: "pem", type: "pkcs1" }).export({ type: "pkcs8", format: "pem" }) as string;
+  crypto
+    .createPrivateKey({ key: pem, format: "pem", type: "pkcs1" })
+    .export({ type: "pkcs8", format: "pem" }) as string;
 
 const toPkcs8Public = (pem: string) =>
-  crypto.createPublicKey({ key: pem, format: "pem", type: "pkcs1" }).export({ type: "spki", format: "pem" }) as string;
+  crypto
+    .createPublicKey({ key: pem, format: "pem", type: "pkcs1" })
+    .export({ type: "spki", format: "pem" }) as string;
 
 export const accessTokenPrivateKey = toPkcs8Private(
-  isProduction ? process.env.ACCESS_TOKEN_PRIVATE_KEY! : readKeyFile(`.accessToken.key`),
+  isProduction
+    ? process.env.ACCESS_TOKEN_PRIVATE_KEY!
+    : readKeyFile(`.accessToken.key`),
 );
 export const refreshTokenPrivateKey = toPkcs8Private(
-  isProduction ? process.env.REFRESH_TOKEN_PRIVATE_KEY! : readKeyFile(`.refreshToken.key`),
+  isProduction
+    ? process.env.REFRESH_TOKEN_PRIVATE_KEY!
+    : readKeyFile(`.refreshToken.key`),
 );
 export const permissionsPrivateKey = toPkcs8Private(
-  isProduction ? process.env.PERMISSIONS_PRIVATE_KEY! : readKeyFile(`.permissions.key`),
+  isProduction
+    ? process.env.PERMISSIONS_PRIVATE_KEY!
+    : readKeyFile(`.permissions.key`),
 );
 export const secureValuesPrivateKey = toPkcs8Private(
-  isProduction ? process.env.SECURE_VALUES_PRIVATE_KEY! : readKeyFile(`.secureValues.key`),
+  isProduction
+    ? process.env.SECURE_VALUES_PRIVATE_KEY!
+    : readKeyFile(`.secureValues.key`),
 );
 export const secureValuesPublicKey = toPkcs8Public(
-  isProduction ? process.env.SECURE_VALUES_PUBLIC_KEY! : readKeyFile(`public-keys/.secureValues.pub`),
+  isProduction
+    ? process.env.SECURE_VALUES_PUBLIC_KEY!
+    : readKeyFile(`public-keys/.secureValues.pub`),
 );
 
 // Microsoft Auth Constants