Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error: PEM_read_bio_PUBKEY after upgrade to Node 10.10 #22815

Closed
YangYu000 opened this issue Sep 12, 2018 · 8 comments
Closed

Error: PEM_read_bio_PUBKEY after upgrade to Node 10.10 #22815

YangYu000 opened this issue Sep 12, 2018 · 8 comments
Assignees
@tniessen
Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.

Comments

@YangYu000
Copy link

  • Version: v10.10.0
  • Platform: Linux 4.9.0-8-amd64 deps: update openssl to 1.0.1j #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64 GNU/Linux (actually, both Ubuntu and Debian, I have bunch of servers running the service)
  • Subsystem: Crypto (I guess)

My code is like

const FS = require('fs');
const JWT = require('jsonwebtoken');
const certPem = FS.readFileSync('./public.pem');
const token = 'xxxx';
JWT.verify(token, certPem, {}, (error, payload) => { ... });

and runs without problem with Node 8 and Node 10.8/10.9 (Ubuntu and Debian, NodeJS offical APT source)

After I upgrade to Node 10.10 yesterday, on JWT.verify throws

Error: PEM_read_bio_PUBKEY failed
    at Verify.verify (internal/crypto/sig.js:122:23)
    at Object.verify (/my/project/path/node_modules/jwa/index.js:89:21)
    at Object.jwsVerify [as verify] (/my/project/path/node_modules/jws/lib/verify-stream.js:54:15)
    at /my/project/path/node_modules/jsonwebtoken/verify.js:116:19
    at getSecret (/my/project/path/node_modules/jsonwebtoken/verify.js:76:14)
    at Object.module.exports [as verify] (/my/project/path/node_modules/jsonwebtoken/verify.js:80:10)
@addaleax
Copy link
Member

@nodejs/crypto

@addaleax addaleax added the crypto Issues and PRs related to the crypto subsystem. label Sep 12, 2018
@tniessen
Copy link
Member

tniessen commented Sep 12, 2018
edited
Loading

This points to #22553, I'll investigate later.

@tniessen
Copy link
Member

@YangYu000 Would it be possible to upload public.pem? Actually, any public key that fails would be enough, it is important to include data surrounding the PEM key though, e.g. whitespace.

@tniessen
Copy link
Member

tniessen commented Sep 12, 2018
edited
Loading

I cannot reproduce this using Node.js 10.9.0 vs 10.10.0 using the code

const assert = require('assert');
const fs = require('fs');
const jwt = require('jsonwebtoken');

const privateKey = fs.readFileSync('./private.pem');
const publicKey = fs.readFileSync('./public.pem');

const token = jwt.sign('Hello world!', privateKey, { algorithm: 'RS256' });
console.log(token);
const payload = jwt.verify(token, publicKey);
console.log(payload);

Valid keys don't produce any errors and any invalid keys I tried produce errors in both versions. It would be helpful to have an example with a key pair that works in previous versions.

@YangYu000
Copy link
Author

@tniessen sorry, the pem file in code is confidential and currently using widely in my company business, so I can't show it in public.
But I may generate another for test usage, please wait me for one or two days, thanks.

@tniessen
Copy link
Member

@YangYu000 That would be great! As long as the error message pops up, any key pair would be enough.

@tniessen
Copy link
Member

Ping @YangYu000.

@YangYu000
Copy link
Author

@tniessen Sorry for the delay.
Here's a pem file content ok with node 10.9 and before but fail in 10.10

Bag Attributes
    localKeyID: 21 54 3F 46 7D 44 84 94 F8 7C EE F2 9D 6D 33 1D 27 3E 97 C2
subject=/C=CN/ST=Shanghai/L=Shanghai/O=FungoTec/OU=Tech/CN=Name/emailAddress=edyuy@zmyseries.com
issuer=/C=CN/ST=Shanghai/L=Shanghai/O=FungoTec/OU=Tech/CN=Name/emailAddress=edyuy@zmyseries.com
-----BEGIN CERTIFICATE-----
MIID6DCCAtCgAwIBAgIJAMguk3GtYYASMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
VQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkxETAPBgNVBAcMCFNoYW5naGFpMREw
DwYDVQQKDAhGdW5nb1RlYzENMAsGA1UECwwEVGVjaDENMAsGA1UEAwwETmFtZTEi
MCAGCSqGSIb3DQEJARYTZWR5dXlAem15c2VyaWVzLmNvbTAeFw0xODA5MjkwMjQw
MjNaFw0xOTA5MjkwMjQwMjNaMIGIMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hh
bmdoYWkxETAPBgNVBAcMCFNoYW5naGFpMREwDwYDVQQKDAhGdW5nb1RlYzENMAsG
A1UECwwEVGVjaDENMAsGA1UEAwwETmFtZTEiMCAGCSqGSIb3DQEJARYTZWR5dXlA
em15c2VyaWVzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY5
M0l1NFMwkwQ8kCgRGD6rZFYPO4GRC6ZfzpEu/ztnFurBH0M4Ifu4JFcuAT+qcQ6I
hFvsADN9mSKtnQVaSzzOAfuLqCiWQ3g1/5gf0lXC2d32iUT7m6f/ZaJ1ZZ0yU/Km
aG2X1BvBR3fW+CpOvSamyLxr/5u3+vl+gLTTv0lRvU7ShVwAFPyeTZ3KmokrPMnP
UlCWakMpzHZb9t0oxlxrUfNkitk5s5F9jNUYZG+fWH+EvB43JnwiUnkAFP3nCvZa
kkX0Z8dQSRtaKPqGApLVY+BWfcjuA4Hz2Cj1BEh8iywtz5A9uoU6Hg1OP66KRy+f
fyx6GhndpJpU0sp+wdcCAwEAAaNTMFEwHQYDVR0OBBYEFFyMaRDETz+7SYnNBlOh
LysLNgSLMB8GA1UdIwQYMBaAFFyMaRDETz+7SYnNBlOhLysLNgSLMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE9ovT4y82Z7t15XCB0qILuF0dbu
AHbmMP8+bk9iXTVrQ48NkTvpmVMgHMeBWrR48JdYZDhSdN00OSoihjUXhixUvY+9
dr4cpT3lZZYSBKIhd50TMWjrCnD6lLB4HQpWinrLITfty80YWVDgAobENpwCtMNx
GTs25+XbQgZWrudUQJWHQra2EontAVMMxTjhJBLnWdiKF8wrISCqMoi+ENDvfNtv
elqxoHs6wlzSEE7QEyqozSZPNeRhV6pcaHYHrQtUMCWbAL/YCNXrJrr5WIiNcpBM
R0aaAJjE+3dnz925GZh0e89p5gy9yg/SMWXrJEqUh+sV45k44no3yiTmGrM=
-----END CERTIFICATE-----

@tniessen tniessen added the confirmed-bug Issues with confirmed bugs. label Sep 29, 2018
@tniessen tniessen self-assigned this Sep 29, 2018
tniessen added a commit to tniessen/node that referenced this issue Sep 29, 2018
@tniessen
crypto: make PEM parsing RFC7468-compliant
8e9334a 
Fixes: nodejs#13612
Fixes: nodejs#22815
@tniessen tniessen mentioned this issue Sep 29, 2018
Closed
2 tasks
targos pushed a commit that referenced this issue Oct 3, 2018
@tniessen @targos
crypto: make PEM parsing RFC7468-compliant
1a21cf1 
PR-URL: #23164
Fixes: #13612
Fixes: #22815
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@YangYu000 YangYu000 mentioned this issue Mar 7, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tniessen tniessen

Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

crypto: make PEM parsing RFC7468-compliant tniessen/node
3 participants
@addaleax @tniessen @YangYu000