Hi Team,
I am currently investigating the best security practice for the Box Java SDK into our enterprise application and have a question regarding private key handling and PKCS standards.
We are evaluating secure key management approaches and would like to understand whether the Box Java SDK supports authentication using private keys in standard PKCS formats, specifically:
-
PKCS#1 (RSA private key format)
-
PKCS#8 (Private-Key Information Syntax Specification)
More specifically:
-
Does the Box Java SDK natively support loading private keys in PKCS#1 or PKCS#8 format for JWT-based authentication?
-
If PKCS#1 is not directly supported, is PKCS#8 required?
-
Does the SDK support encrypted PKCS#8 keys?
-
Are there any recommended best practices from Box for handling private keys in Java (e.g., conversion requirements, keystore usage, or specific security providers)?
We are particularly concerned about enterprise-grade security compliance and compatibility with standard Java security libraries.
Any clarification on supported formats, limitations, or documentation references would be greatly appreciated.