Crashes upon using a cert/key pair with passphrase, works without passphrase #123

Closed
omaralqady opened this issue Feb 20, 2017 · 4 comments

@omaralqady

I get this error:

```
PEM routines:PEM_do_header:bad password read
```

when trying to use a key/cert pair that uses a passphrase, but when I use ones without a passphrase, it works fine.

I am working in an environment that has a hard requirement of using a passphrase, so using ones without passphrases doesn't work for me.

Is this a problem with the module, or am I doing something wrong? (missing an option specifying the passphrase? I couldn't find this in the docs)

@bjrmatos
Contributor

bjrmatos commented Feb 20, 2017

I'm afraid that handling private keys with a passphrase is something that is not implemented in xml-crypto yet; however, this seems very easy to implement since there is a node.js API that handles this natively.

As a workaround, you can parse your key, decrypt it and pass the decrypted content to xml-crypto; you can use forge to do this.

Example:

```js
var fs = require('fs');
var forge = require('node-forge');

// If your private key is not in PEM format, you can use an openssl command to convert it to PEM;
// the file will still be encrypted, just in a different format.
var decryptedKey = forge.pki.decryptRsaPrivateKey(
  fs.readFileSync('/path/to/your/keyinpemformat.pem').toString('ascii'),
  'your-passphrase-here'
);

// Buffer.from replaces the deprecated `new Buffer(...)` constructor
var decryptedKeyBuffer = Buffer.from(forge.pki.privateKeyToPem(decryptedKey), 'ascii');

// now, you can use `decryptedKeyBuffer` as the `signingKey` option in xml-crypto
```

Another thing you can do is use some openssl commands to convert your private key to PEM format without a passphrase.

@omaralqady
Author

@bjrmatos Thank you for your answer.

The solution using forge worked well for me.

On the other hand, using node's native module wouldn't have worked (according to my understanding of the process) unless I would have manipulated the XML nodes manually, which I'm trying to avoid.

@bjrmatos
Contributor

> On the other hand, using node's native module wouldn't have worked (according to my understanding of the process) unless I would have manipulated the XML nodes manually, which I'm trying to avoid.

I was just leaving a note that node.js has a special API for dealing with keys with a passphrase; that API will let us handle this kind of key naturally in xml-crypto, so we will not need to provide additional steps to a user that has a key with a passphrase (like the steps I gave you using forge).

It was just a note for myself or another possible contributor. I will keep the issue open until I find the time to implement this (seems like it would not require much work) 😄
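
The native Node.js route mentioned in this thread, as an added example that is not part of the thread or of xml-crypto's code: `crypto.createPrivateKey` decrypts a passphrase-protected PEM in memory, and the exported unencrypted PEM is the same kind of value the forge workaround produces. The sample key, the passphrase and the helper names `decryptPrivateKeyPem` and `signAndVerify` are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample input: a throwaway RSA key pair whose private key is
// PEM-encoded and encrypted with a made-up passphrase, standing in for the
// passphrase-protected key file described in the issue.
const SAMPLE_PASSPHRASE = 'constructed-sample-passphrase';
const { privateKey: encryptedPem, publicKey: publicPem } =
  crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: {
      type: 'pkcs8',
      format: 'pem',
      cipher: 'aes-256-cbc',
      passphrase: SAMPLE_PASSPHRASE,
    },
  });

// Hypothetical helper: decrypt the key in memory and return an unencrypted
// PKCS#8 PEM string.
function decryptPrivateKeyPem(pem, passphrase) {
  let keyObject;
  try {
    keyObject = crypto.createPrivateKey({ key: pem, format: 'pem', passphrase });
  } catch (err) {
    // Report the failure without echoing the passphrase or key material.
    throw new Error('could not decrypt private key (wrong or missing passphrase?)');
  }
  return keyObject.export({ type: 'pkcs8', format: 'pem' });
}

// Hypothetical helper: prove the decrypted PEM is usable by signing with it
// and verifying against the matching public key.
function signAndVerify(privatePem, publicKeyPem, data) {
  const signature = crypto.sign('sha256', Buffer.from(data), privatePem);
  return crypto.verify('sha256', Buffer.from(data), publicKeyPem, signature);
}

const decryptedPem = decryptPrivateKeyPem(encryptedPem, SAMPLE_PASSPHRASE);
console.log('usable for signing:',
  signAndVerify(decryptedPem, publicPem, 'constructed payload'));
```

Keep the decrypted PEM in memory only; writing it back to disk would undo the passphrase requirement the environment imposes.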

@LoneRifle
Collaborator

Duplicate of #45

@LoneRifle marked this as a duplicate of #45 May 28, 2023
@cjbarth closed this as not planned May 29, 2023