pkcs12: document that we use the wrong PEM type

Fixes golang/go#28018

Change-Id: I2daf99789328ef476de834c3cc703e01b468b3ee
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241337
Reviewed-by: Katie Hockman <[email protected]>
Run-TryBot: Katie Hockman <[email protected]>
TryBot-Result: Gobot Gobot <[email protected]>

Author: FiloSottile

pkcs12/pkcs12.go

@@ -104,6 +104,10 @@ func unmarshal(in []byte, out interface{}) error {
 }
 
 // ToPEM converts all "safe bags" contained in pfxData to PEM blocks.
+//
+// Note that although the returned PEM blocks for private keys have type
+// "PRIVATE KEY", the bytes are not encoded according to PKCS #8, but according
+// to PKCS #1 for RSA keys and SEC 1 for ECDSA keys.
 func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) {
 	encodedPassword, err := bmpString(password)
 	if err != nil {