Unable to use encrypted-private key #313
Comments
This is puzzling, since none of that code has changed since it worked in 2.2.1. As a "let's rule out the obvious" step, would you mind using ssl to decrypt that key with the "xxx" passphrase that you have in your config file? I just want to make sure that there wasn't a typo somewhere.
Was thinking that myself.... Checked reversing out the encryption. I don't believe there is a typo with the keypass. The unencrypted encrypted file works OK when referenced in the config file.
OK, thanks for checking. I will try to repro these steps with my own key on a matching system. Things are a little hectic, so it might take me a couple of days.
So I cannot repro this running on a Win2016 server using the posted py3.6.3 Windows build of v2.2.2. I have these lines in my umapi-config file:
(where
OK, I think I discovered what is going on. So somewhere along the way the encrypted file ended up with CR&LF chars; normally there is only the *NIX LF char on the OpenSSL output. OpenSSL doesn't mind this, but python/user-sync.py doesn't like this, hence the rejection.
Thanks @gglen for following up. Yes, there are lots of ways for Windows files to pick up CR/LFs. Too bad the crypto libraries we are using are sensitive to that. We appreciate your filing the issue!
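The CR/LF diagnosis in the comments above can be checked on a key file before it is referenced in the config. This is an added example, not code from user-sync or from the thread; the function names and the sample key body are constructed for illustration.

```python
import re
import sys

# Constructed sample: the PEM armor OpenSSL writes for an encrypted PKCS#8 key,
# wrapped around a placeholder body (not a real key).
SAMPLE_LF = (
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
    b"Q09OU1RSVUNURUQtUExBQ0VIT0xERVItQk9EWS1OT1QtQS1LRVk=\n"
    b"-----END ENCRYPTED PRIVATE KEY-----\n"
)
# The same file after a Windows tool has rewritten its line endings.
SAMPLE_CRLF = SAMPLE_LF.replace(b"\n", b"\r\n")


def pem_label(data):
    """Return the PEM type from the BEGIN line, or None if there is no armor."""
    m = re.search(rb"-----BEGIN ([A-Z0-9 ]+)-----", data)
    return m.group(1).decode("ascii") if m else None


def line_ending_report(data):
    """Count each line-ending style in the raw bytes of the key file."""
    crlf = data.count(b"\r\n")
    return {
        "crlf": crlf,
        "lf": data.count(b"\n") - crlf,  # bare LF, what OpenSSL writes on *NIX
        "cr": data.count(b"\r") - crlf,  # bare CR with no LF after it
    }


def normalize_pem(data):
    """Return the PEM with LF-only endings, no trailing spaces, no blank lines."""
    data = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    lines = [ln.rstrip() for ln in data.split(b"\n") if ln.strip()]
    return b"\n".join(lines) + b"\n"


if __name__ == "__main__":
    # Usage: script.py [key file] [output file]; runs on the sample with no args.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_CRLF
    print(pem_label(raw), line_ending_report(raw))
    if len(sys.argv) > 2:
        with open(sys.argv[2], "wb") as out:
            out.write(normalize_pem(raw))
```

A non-zero `crlf` or `cr` count on the encrypted key matches the condition described in the thread; the normalized copy keeps the same armor and base64 body, so the passphrase is unchanged.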
Platform: Windows Server 2016
Python: 3.6.3 x64
Using an encrypted-private key with user-sync 2.2.2 fails with error message:
CRITICAL main - umapi configuration.enterprise: Error decrypting private key, either the password is wrong or: RSA key format is not supported
Error occurs with keypass either in Windows Credential Manager or plain text keypass in file, i.e.:
secure_priv_key_pass_key: umapi_private_key_passphrase
or
priv_key_pass: "xxx"
Unencrypted private key works correctly. Encrypted key created using OpenSSL:
openssl pkcs8 -in private.key -topk8 -v2 des3 -out private-encrypted.key
Could be related to: #258