Skip to content

Unable load encrypted/password provided RSA private key #258

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
siva-fstack opened this issue May 20, 2020 · 5 comments
Closed

Unable load encrypted/password provided RSA private key #258

siva-fstack opened this issue May 20, 2020 · 5 comments

Comments

@siva-fstack
Copy link

siva-fstack commented May 20, 2020
edited
Loading

Unable to load RSA private key when passphrase provided for private key.

To Reproduce
Steps to reproduce the behavior:

$pk_Generate = openssl_pkey_new(array(
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA
));

openssl_pkey_export($pk_Generate, $pk_Generate_Private, '123456'); // we pass 2nd argument as reference

$pk_Generate_Details = openssl_pkey_get_details($pk_Generate);
$pk_Generate_Public = $pk_Generate_Details['key'];

echo "Private key<br /><pre>\n";
print_r($pk_Generate_Private);
echo "</pre>\n";


$load_private_key = JWKFactory::createFromKey($pk_Generate_Private, '123456', ['use' => 'sig', 'alg' => 'RSA-OAEP-256']);

echo "Private key<br /><pre>\n";
print_r($load_private_key);
echo "</pre>\n";

Screenshots
image
@Spomky Spomky closed this as completed in 38200fe May 29, 2020
@Spomky
Copy link
Member

Spomky commented May 29, 2020

Hi,

This should be fixed with v2.1.7.
Let me know if the issue still exist with this version.

@vuongxuongminh
Copy link

Hi, thanks you for the awesome library,

I have same problem when upgrade package to v2.2.x and downgrade to ~v2.1.7, it play well.

Look like this condition make this bug: KeyConverter#L178

@Spomky
Copy link
Member

Spomky commented Jul 25, 2021

Hi @vuongxuongminh,

Can you send me the first part of the encrypted certificate you use?
It should start with

—–BEGIN RSA PRIVATE KEY—–
Proc-Type: #,ENCRYPTED
DEK-Info: xxxxxxxxxxxxxxxxxxxxxxxxxx

@vuongxuongminh
Copy link

vuongxuongminh commented Jul 25, 2021
edited
Loading

Hi @Spomky look like my encrypted certificate not start with that block, my bash script using to generate keys:

gen-jwt() {
	jwt_passphrase=$(php -r "echo sha1(random_bytes(32));"); 
	echo "$jwt_passphrase" | openssl genpkey -out ./private.pem -pass stdin -aes256 -algorithm rsa -pkeyopt rsa_keygen_bits:4096;
	echo "$jwt_passphrase" | openssl pkey -in ./private.pem -passin stdin -out ./public.pem -pubout; 
	echo "$jwt_passphrase"
}

and the encrypted private start with:

-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIJrTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIG3/+yeDUQ8kCAggA
......

@skydudie skydudie mentioned this issue Aug 23, 2021
Merged
@github-actions GitHub Actions
Copy link
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 26, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Spomky @vuongxuongminh @siva-fstack