}

  /**
   * Returns the RSA private key encoded in [PKCS #1][rfc_8017] [PEM format][rfc_7468].
   *
   * [rfc_8017]: https://tools.ietf.org/html/rfc8017
   * [rfc_7468]: https://tools.ietf.org/html/rfc7468
   */
  fun privateKeyPkcs1Pem(): String {
    check(keyPair.private is RSAPrivateKey) { "PKCS1 only supports RSA keys" }
    return buildString {
      append("-----BEGIN RSA PRIVATE KEY-----\n")

Using `gotestjsonbuildtext=1` restores the 1.23 behavior.
This setting will be removed in a future release, Go 1.28 at the earliest.

Go 1.24 changed [`crypto/rsa`](/pkg/crypto/rsa) to require RSA keys to be at
least 1024 bits. This behavior can be controlled with the `rsa1024min` setting.
Using `rsa1024min=0` restores the Go 1.23 behavior.

                    cipherAlgorithm);
            inver = InvertibleCryptographer.createDesCipher(fessConfig.getAppCipherKey());
        } else if ("rsa".equalsIgnoreCase(cipherAlgorithm)) {
            inver = InvertibleCryptographer.createRsaCipher(fessConfig.getAppCipherKey());
        } else {

 * Peer certificate chain:
 *     sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL
 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root
 * Pinned certificates for publicobject.com:

            return
          }

          // https://timothybasanov.com/2016/05/26/java-pre-master-secret.html
          // https://security.stackexchange.com/questions/35639/decrypting-tls-in-wireshark-when-using-dhe-rsa-ciphersuites
          // https://stackoverflow.com/questions/36240279/how-do-i-extract-the-pre-master-secret-using-an-openssl-based-client

          // TLSv1.2 Events
          // Produced ClientHello handshake message

        assertEquals("********", SystemUtil.maskSensitiveValue("apikey", "abc123"));
        assertEquals("********", SystemUtil.maskSensitiveValue("PRIVATE_KEY", "-----BEGIN RSA PRIVATE KEY-----"));
    }

    @Test
    public void test_maskSensitiveValue_withToken() {
        assertEquals("********", SystemUtil.maskSensitiveValue("AUTH_TOKEN", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"));

      const val LOOM_PROPERTY = "loom"

      /**
       * For whatever reason our BouncyCastle provider doesn't work with ECDSA keys. Just configure it
       * to use RSA-2048 instead.
       *
       * (We otherwise prefer ECDSA because it's faster.)
       */
      private val localhostHandshakeCertificatesWithRsa2048: HandshakeCertificates by lazy {
        val heldCertificate =

        defaultSettings.put("onelogin.saml2.security.want_xml_validation", "true");
        defaultSettings.put("onelogin.saml2.security.signature_algorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1");
        defaultSettings.put("onelogin.saml2.organization.name", "CodeLibs");
        defaultSettings.put("onelogin.saml2.organization.displayname", "Fess");

<div class="termy">

```console
$ pip install pyjwt

---> 100%
```

</div>

/// info

If you are planning to use digital signature algorithms like RSA or ECDSA, you should install the cryptography library dependency `pyjwt[crypto]`.

You can read more about it in the [PyJWT Installation docs](https://pyjwt.readthedocs.io/en/latest/installation.html).

///

        defaultSettings.put("onelogin.saml2.security.want_xml_validation", "true");
        defaultSettings.put("onelogin.saml2.security.signature_algorithm", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        defaultSettings.put("onelogin.saml2.organization.name", "CodeLibs");
        defaultSettings.put("onelogin.saml2.organization.displayname", "Fess");