PKI ed25519 key generation fails #13253

Closed
navaneethrameshan opened this issue Nov 23, 2021 · 1 comment
Labels: bug, secret/pki

Comments

@navaneethrameshan
Contributor

Describe the bug
Generating an ed25519 key with the PKI plugin fails with error: unsupported hash signature algorithm: 0

To Reproduce
Steps to reproduce the behavior:

  1. Run

    vault write pki/root/generate/exported \
        common_name="example.com" \
        key_type="ed25519" \
        format="pem"

  2. See error:

    Error writing data to pki/root/generate/exported: Error making API request.

    URL: PUT http://127.0.0.1:8200/v1/pki/root/generate/exported
    Code: 400. Errors:

    * unsupported hash signature algorithm: 0

Expected behavior
Expect root CA certificate to be generated

Environment:

  • Vault Server Version (retrieve with vault status):
Key             Value
---             -----
Seal Type       shamir
Initialized     true
Sealed          false
Total Shares    1
Threshold       1
Version         1.10.0-dev
Storage Type    inmem
Cluster Name    vault-cluster-483668ff
Cluster ID      cca902b2-049e-67a1-6009-647327ba5daf
HA Enabled      false

  • Vault CLI Version (retrieve with vault version):
Vault v1.10.0-dev ('7800c45bb7a968757fb18264bee4ef5f2517e62c+CHANGES')

navaneethrameshan added a commit to navaneethrameshan/vault that referenced this issue Nov 23, 2021
The default value of *hashBits is 0 and will fail
at ValidateSignatureLength for ed25519. ed25519
specifies its own hash, so avoid hashBits validation for
ed25519 curve.
stevendpclark added the bug and secret/pki labels Nov 23, 2021
stevendpclark pushed a commit that referenced this issue Nov 23, 2021
* skip hash bits verification for ed25519 #13253

The default value of *hashBits is 0 and will fail
at ValidateSignatureLength for ed25519. ed25519
specifies its own hash, so avoid hashBits validation for
ed25519 curve.
@stevendpclark
Contributor

Closing out issue as it was fixed by @navaneethrameshan's contribution in #13254

Thanks again!
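
The failure and the fix described in the commit message above, as an added Go sketch that is not Vault's code and not part of this thread. `checkSignatureBits`, its `skipEd25519` flag and the accepted sizes (256/384/512) are assumptions made for illustration; `selfSignedEd25519Root` uses only the Go standard library to show that an Ed25519 certificate is signed without any caller-chosen hash.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkSignatureBits is a hypothetical hash-size check (not Vault's code). skipEd25519=false models the reported failure.
func checkSignatureBits(keyType string, hashBits int, skipEd25519 bool) error {
	if skipEd25519 && keyType == "ed25519" {
		return nil // Ed25519 fixes its own hash (SHA-512), so there is nothing to validate
	}
	if hashBits == 256 || hashBits == 384 || hashBits == 512 {
		return nil
	}
	return fmt.Errorf("unsupported hash signature algorithm: %d", hashBits)
}

// selfSignedEd25519Root builds a self-signed CA certificate; the caller never picks a hash.
func selfSignedEd25519Root(cn string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	fmt.Println(checkSignatureBits("ed25519", 0, false), "|", checkSignatureBits("ed25519", 0, true))
	if cert, err := selfSignedEd25519Root("example.com"); err == nil {
		fmt.Println("signed with:", cert.SignatureAlgorithm)
	}
}
```

The non-Ed25519 path is unchanged by the skip, so an unset value for other key types is still rejected.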
