What is the file with .p8 extension? (APNs Auth Key / JWT)

Question

I think it is a little ridiculous but it\'s hard to find information about what is this file. I\'ve found a lot info how to get this Apple Push Notification Authentication

Answer 1

File extensions are just a convention, but most likely the .p8 extension is used to indicate that it is a PKCS#8 PrivateKeyInfo (or EncryptedPrivateKeyInfo).

I'd expect the Keychain program to be able to open it as "a key", but not having a mac at hand I can't say. It should open with SecItemImport (kSecFormatOpenSSL, kSecItemTypePrivateKey).

Is there a way to convert it to .pem or .p12?

Assuming you mean "certificate" by .pem, no. If you mean PEM encoded, sure. It's either "BEGIN PRIVATE KEY" or "BEGIN ENCRYPTED PRIVATE KEY", depending.

It can also, technically, be converted into a PKCS#12. But Apple's PKCS#12 importer won't import (last I saw) private keys that it can't figure out what certificate they belong with (from the same PKCS#12).

This is just a private key, there's no certificate (thus no expiration). So certificate-based approaches don't make sense.

Does the server side can operate with .p8 the same way as .p12 or it should be additional tools added?

This depends entirely on the details of the protocol, which I don't know. If the protocol transported the certificate then different machinery is involved with the conversion. If it just transported a signature and the server looked up the public key for verification then nothing changed server side.