Does 'docker trust key load' support GPG-generated keys? #3696
Comments
I need to dig into this a bit more, but at a guess you are running into the issue golang/go#8860 that Go cannot decrypt pkcs8 encrypted keys, only ones with PEM encryption at present. It looks like there may be other Go libraries that can work with these though, so it might be possible to add support.
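To see which of the two kinds of protection mentioned in the comment above a given PEM file uses, the file's block label and headers can be inspected before it is loaded. This is an added example, not code from the thread or from Docker; the function names, category strings and sample inputs are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
	"strings"
)

// Classify reports how the private key in a PEM file is protected.
// The category names are this example's own, not Docker's or Go's.
func Classify(data []byte) string {
	// OpenPGP ASCII armor is a different container from PEM; detect it by its BEGIN line.
	if bytes.Contains(data, []byte("-----BEGIN PGP ")) {
		return "openpgp-armor"
	}
	for {
		var block *pem.Block
		block, data = pem.Decode(data)
		if block == nil {
			return "no-private-key"
		}
		switch {
		case block.Type == "ENCRYPTED PRIVATE KEY":
			// PKCS#8 EncryptedPrivateKeyInfo: the case golang/go#8860 is about.
			return "pkcs8-encrypted"
		case strings.Contains(block.Headers["Proc-Type"], "ENCRYPTED"):
			// Legacy PEM encryption (Proc-Type / DEK-Info headers).
			return "legacy-pem-encrypted"
		case strings.HasSuffix(block.Type, "PRIVATE KEY"):
			return "unencrypted"
		}
		// CERTIFICATE or other block (common after PKCS#12 conversion): keep scanning.
	}
}

// sample builds a constructed PEM block; the bytes are not a real key.
func sample(typ string, hdr map[string]string) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: typ, Headers: hdr, Bytes: []byte("constructed, not a real key")})
}

func main() {
	legacy := map[string]string{"Proc-Type": "4,ENCRYPTED", "DEK-Info": "AES-256-CBC,00"}
	bundle := append(sample("CERTIFICATE", nil), sample("ENCRYPTED PRIVATE KEY", nil)...)
	fmt.Println(Classify(bundle))
	fmt.Println(Classify(sample("RSA PRIVATE KEY", legacy)))
	fmt.Println(Classify(sample("PRIVATE KEY", nil)))
}
```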
Thanks mate, that'd be appreciated! Just read golang/go#8860. Do unencrypted keys mean exporting the PEM file with no passphrases?
Expected behavior
docker trust key load gpg-secret-key.pem --name kevin
When executing the above command, it should accept the PEM file as indicated in https://docs.docker.com/engine/security/trust/content_trust/
Actual behavior
It asked for a passphrase, and upon entering the correct passphrase:
Information
To use my gpg keypair to produce the necessary PAM file, I followed the instructions on http://sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL#c21688.
I have also tried encoding passphrase with utf-8 and cp850 to no avail, with:
gpgsm -o cert.p12 --p12-charset utf-8 --export-secret-key-p12 _keyid_
gpgsm -o cert.p12 --p12-charset cp850 --export-secret-key-p12 _keyid_
I can reproduce this reliably across my environments.
Diagnostic logs
See attached.
20190603095252.zip
Steps to reproduce the behavior