
Unable to use encrypted-private key #313

Closed
gglen opened this issue Dec 7, 2017 · 6 comments

Comments

@gglen

gglen commented Dec 7, 2017

Platform: Windows Server 2016
Python: 3.6.3 x64

Using an encrypted private key with user-sync 2.2.2 fails with error message:
CRITICAL main - umapi configuration.enterprise: Error decrypting private key, either the password is wrong or: RSA key format is not supported

Error occurs with keypass either in Windows Credential Manager or plain text keypass in file, i.e.:
secure_priv_key_pass_key: umapi_private_key_passphrase
or
priv_key_pass: "xxx"

Unencrypted private key works correctly. Encrypted key created using OpenSSL:
openssl pkcs8 -in private.key -topk8 -v2 des3 -out private-encrypted.key

Could be related to: #258

@adobeDan
Contributor

adobeDan commented Dec 7, 2017

This is puzzling, since none of that code has changed since it worked in 2.2.1. As a "let's rule out the obvious" step, would you mind using ssl to decrypt that key with the "xxx" passphrase that you have in your config file? I just want to make sure that there wasn't a typo somewhere.

@gglen
Author

gglen commented Dec 7, 2017

Was thinking that myself.... Checked reversing out the encryption. I don't believe there is a typo with the keypass. The unencrypted encrypted file works OK when referenced in the config file.

@adobeDan
Contributor

adobeDan commented Dec 7, 2017

OK, thanks for checking. I will try to repro these steps with my own key on a matching system. Things are a little hectic, so it might take me a couple of days.

@adobeDan
Contributor

adobeDan commented Dec 8, 2017

So I cannot repro this running on a Win2016 server using the posted py3.6.3 Windows build of v2.2.2. I have these lines in my umapi-config file:

priv_key_path: 'stress1-encrypted.key'
priv_key_pass: "test"

(where test is actually the password :) and it works just fine. Are you certain that you have the encrypted key in priv_key_path, rather than the unencrypted key? Are you certain that you used openssl on Windows to encrypt the key?

@gglen
Author

gglen commented Dec 9, 2017

OK, I think I discovered what is going on. Somewhere along the way the encrypted file ended up with CR&LF chars; normally there is only the *NIX LF char in the OpenSSL output. OpenSSL doesn't mind this, but python/user-sync.py doesn't like it, hence the rejection.

@gglen gglen closed this as completed Dec 9, 2017
@adobeDan
Contributor

adobeDan commented Dec 9, 2017

Thanks @gglen for following up. Yes, there are lots of ways for Windows files to pick up CR/LFs. Too bad the crypto libraries we are using are sensitive to that. We appreciate your filing the issue!
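The CRLF problem diagnosed in this thread, as an added example that is not part of the issue or of the user-sync project: a stdlib-only Python check that inspects a PEM file for Windows line endings and base64 damage, and normalizes the endings to LF before the key is handed to a strict crypto library. The sample PEM below is constructed with placeholder base64 and is not a real key.

```python
import base64
import binascii
import re

# Constructed sample: the shape of an OpenSSL "pkcs8 -topk8" output after a
# Windows tool rewrote its line endings to CRLF. The body is placeholder bytes,
# NOT a real encrypted key.
_b64 = base64.b64encode(b"placeholder-not-a-real-key-" * 3)
SAMPLE_CRLF_PEM = (
    b"-----BEGIN ENCRYPTED PRIVATE KEY-----\r\n"
    + b"\r\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
    + b"\r\n-----END ENCRYPTED PRIVATE KEY-----\r\n"
)

# Matches one PEM block; the back-reference forces BEGIN/END labels to agree.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def inspect_pem(data: bytes) -> dict:
    """Report armor label, line-ending style and base64 validity of a PEM blob.

    Run this before the key reaches the crypto library so a CRLF or copy-paste
    problem is reported as such instead of as 'RSA key format is not supported'.
    """
    m = PEM_RE.search(data)
    if not m:
        return {"valid": False, "reason": "no PEM armor found"}
    label = m.group(1).decode()
    has_crlf = b"\r\n" in data
    try:
        # Strip all whitespace (LF or CRLF) and decode strictly.
        der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except binascii.Error:
        return {"valid": False, "reason": "body is not valid base64",
                "label": label, "has_crlf": has_crlf}
    return {"valid": True, "label": label, "has_crlf": has_crlf,
            "encrypted": label == "ENCRYPTED PRIVATE KEY", "der_len": len(der)}


def normalize_pem(data: bytes) -> bytes:
    """Rewrite CRLF (and stray bare CR) line endings to LF without touching the body."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


if __name__ == "__main__":
    print(inspect_pem(SAMPLE_CRLF_PEM))
    print(inspect_pem(normalize_pem(SAMPLE_CRLF_PEM)))
```

To repair a file on disk, read it in binary mode, pass the bytes through normalize_pem, and write the result back in binary mode so Python does not reintroduce CRLF on Windows.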
