Currently, I am integrating docebo API with python rest client. While creating an oAuth2 application in docebo with JWT bearer grant permission they are asking to upload the public key.
I have generated public key using below command on mac
ssh-keygen -t rsa -b 4096 -C <user id>
As they have mentioned public key format should be
—–BEGIN PUBLIC KEY—–
MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGOrtjv/oPcaWIQL7h3DwvGbWFhH
fAIP02pPPw1Cp8h0SUkmGAWUGKCNH2WuIeNxPlRZKmW86aivknrRtEN3QW6eEsFZ
ZSIKVmUPekKrSpvYmYwkTCnwCb4gpDu1ZPEde8VXhQjLRl7ielUktzzbXW7v1HmI
fDASHvMvIl4kwGA/AgMBAAE=
—–END PUBLIC KEY—–
According to that, I have converted id_rsa.pub to publicKey.pem using below command
ssh-keygen -f ~/.ssh/id_rsa.pub -m 'PEM' -e > publicKey.pem
chmod 600 public.pem
Still, I am not able to upload the publicKey.pem on the oauth2 application. Error is Public key is invalid.
Any idea about this. Thanks!
This is a late answer. Hopefully it can help others.
We use open ssl (https://www.openssl.org/source/) solved this issue. Run the commands below and import rsa_public.pem into Docebo.
openssl genpkey -algorithm RSA -out rsa_private.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem
Related
I am trying to add certificate for Kubernetes, but when I run the following command on cmd (MacOS):
openssl ec -in mycompany-robert.key -out mycompany-robert.dkey
I get the following prompt:
read EC key
Enter PEM pass phrase:
Then I enter some password, but it is not accepted and get the following error:
unable to load Key
4315711020:error:06FFF064:digital envelope routines:CRYPTO_internal:bad
decrypt:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/
Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/evp/evp_enc.c:521:
4315711020:error:09FFF065:PEM routines:CRYPTO_internal:bad
decrypt:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/
Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/pem/pem_lib.c:469:
So, how can I fix the problem?
On my computer:
travis login --org
Username: xxxxxx
Password: xxxxxx
Successfully logged in as xxxxxx!
travis encrypt-file codesigning.asc -r XXXXXX/XXXXXX
encrypting codesigning.asc for XXXXXX/XXXXXX
storing result as codesigning.asc.enc
storing secure env variables for decryption
Please add the following to your build script (before_install stage in your .travis.yml, for instance):
openssl aes-256-cbc -K $encrypted_abcd1234_key -iv $encrypted_abcd1234_iv -in codesigning.asc.enc -out codesigning.asc -d
Pro Tip: You can add it automatically by running with --add.
Make sure to add codesigning.asc.enc to the git repository.
Make sure not to add codesigning.asc to the git repository.
Commit all changes to your .travis.yml.
On my travis acount:
On my GitHub repository:
I paste the codesigning.asc.enc file in the test folder test/codesigning.asc.enc.
I add this shell script:
if [ "$TRAVIS_BRANCH" = 'master' ] && [ "$TRAVIS_PULL_REQUEST" == 'false' ]; then
echo "******** Starting gpg"
openssl aes-256-cbc -K "$encrypted_abcd1234_key" -iv "$encrypted_abcd1234_iv" -in test/codesigning.asc.enc -out test/codesigning.asc -d
gpg --fast-import test/codesigning.asc
fi
I have this error on my travis console:
bad decrypt
139864985556640:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539:
gpg: invalid radix64 character FE skipped
gpg: invalid radix64 character C4 skipped
gpg: read_block: read error: invalid packet
gpg: import from `test/codesigning.asc' failed: invalid keyring
gpg: Total number processed: 0
OpenPGP (the cryptographic protocol implemented by gpg) and X.509 (the cryptographic protocol used by OpenSSL) are not compatible. You cannot import this key to GnuPG (you could to gpgsm which implements X.509, but this is not the normal gpg you want to use). You will have to stick with OpenSSL or GnuTLS to handle the key and encrypted messages for it.
What is the difference between csr created from linux openssl v/s ruby openssl library:
openssl req -out mytest.csr -new -newkey rsa:2048 -nodes -keyout
mytest.
The public key created from above looks something like this:
-----BEGIN CERTIFICATE REQUEST-----\nMIIC2jCCAcICAQAwgZQxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNRDEWMBQGA1UE\nBwwNU2lsdmVyIFNwcmluZzELMAkGA1UECgwCTUwxCzAJBgNVBAsMAkVTMR8wHQYD\nVQQDDBZtc2NsaWVudDI4LnNhbXRlc3QuY29tMSUwIwYJKoZIhvcNAQkBFhZtc2Ns\naWVudDI4QHNhbXRlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAvMJwLZp9w/YPZz31+ZyozD5S3Xb1Jjtdx0VBUrRuDKi4y+XRlzOeHHvRiSZJ\nVMI2LLLta0Zel4ULK4vSoP2OH5ezQbAGUslxePupFFulPZUJJrNLVZJ/9jNOgKoI\n6tu+8TGP2UivOGfW5OQFYLFLZJad/PP7IoAOoYB79lqnE/+3/vjys5eHL6dOZ/0I\nmUj8G5jw1thZlOQpA4Es2Xoxnvkr1kiJpoa+4s8L6kX2PLRCoWmP1ZqQ1pi3oHoP\n6kLo/qQ2KiIrPcrDGi5aGtKkCrj64JAS4IIcLiBvI+KXNCzaB6f2I7ChBEkA8iEU\nSe2LqqSs0eumBFH0HwE4uvwOWQIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAJZI\niySQfZpFYL7SZWWvUxdHPxmwrw3PdcPSAJZQImoMNCSFC0kCtIzl+LleZN8/WzkV\nQ2Ps6cg3+bSWrJ+gA6EjcA4X8oGHN545snaOUf/ZRXf0mKbtu+U3asTiaE8Dz8P6\n5gz81GaA+ZDmjwk7ezrz6+gED439M5sot5yaeH8EfD5c49y0hOP9gg1VDJMNiwsf\nVARrIu+eHCPi2PXzBXZTPdivzn3cZQU0vsu91DzuHHXzCQv5wYE/iVh5lyWjLeFS\nFg5m4mLOtjKRzPeCpldkGkFRssvOoBOixZHPainzUHKk7eVNggXPjgFa4fk3uPp0\nWUftUDM5l7ANFqv5ii0=\n-----END
CERTIFICATE REQUEST-----
However when i try to create it from ruby's open ssl library:
irb(main):004:0> private_key = OpenSSL::PKey::RSA.new 2048
irb(main):005:0> private_key.public_key.to_pem
=> "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEAqDaG8Je5YY2kXM6w/a7uiTTAsJd1JwkP7w44licoYxn7N+sYuv3K\n2iFAfumP3NEWueeRcCPSiGD3BpCKwxo4tch9uOFGOuaWYiK9XC7OOZV755+hix0S\nWph45bwiOSQX0Jr6SB6T7RBXxAF7RFdMVfo4AyZkakVaMxr0lVO8E7RqO6WaeYV2\ne6GYU2BPy60U7iXVK+15RGMQIWaiUt5iCGzJqBn+IE1GQJpytbRg7melx4e6zPQf\n5Aa4Wufm7SFEVMJ5/rzTALOZa5VWlPRhb7luxYXXLDqckB8/6Bok6kpu5qkJjHHz\nwRabh7u8Vy6cRuz+Df7LTsRuamkZLG8KXQIDAQAB\n-----END
RSA PUBLIC KEY-----\n"
The above public key is much smaller.
What is different between the 2?
How can i make ruby's open ssl generate a csr & private like linux openssl.
Looking at your other question as well, it appears that your fundamental misunderstanding is that you think that a CSR is a public key. A CSR does indeed contain a public key, but it includes additional data (e.g. subject and signature) and is a distinct type of object.
You started off right with creating the RSA key pair, but you then have to generate the CSR. You can do it like this:
require 'openssl'
# Create public/private key pair.
key = OpenSSL::PKey::RSA.new 2048
print key.to_pem()
print key.public_key.to_pem()
# Create CSR.
request = OpenSSL::X509::Request.new
request.subject = OpenSSL::X509::Name.parse 'C=US/CN=foobar'
request.public_key = key.public_key
request.sign(key, OpenSSL::Digest::SHA256.new)
print request.to_pem()
Note that ruby can't prompt you for the subject fields, so you have to specify them via the API.
Trying to use google-compute-engine provider for jclouds there appears to be a problem when putting the pem extracted from the .p12 into the credential section of my jenkins config.xml
Followed these instruction https://github.com/jclouds/jclouds-labs-google/tree/master/google-compute-engine to extract the pem file from the p12
Error is see when trying to test connection:
Cannot connect to specified cloud, please check the identity and credentials: chars -----BEGIN RSA PRIVATE KEY----- HIDDEN -----END RSA PRIVATE KEY----- doesn't contain % line [-----END ]
If I remove the "-----BEGIN RSA", jclouds correctly tells me that % doesnt contain the line -----BEGIN
but it seems to be barfing on parsing the "-----END" part
I thought It might have to do with pasting the key into the Credential section of the configure jenkins U/I,
but I placed the key directly into the config.xml's section, and I'm getting the same error.
jenkins-1.583-1.1.noarch with Jclouds plugin 2.8
Any ideas?
-Aric
Convert the p12 file into pem format (it will ask for the keystore password, which is usually "notasecret"):
openssl pkcs12 -in my_keystore.p12 -out my_keystore.pem -nodes
Extract only the pk and remove passphrase
openssl rsa -in my_keystore.pem -out my_key.pem
Then you can use this key and problem will be solved.
The solution on my side is to use the Textarea. FYI: JENKINS-25283
and reason is losing the new line character. Hope this help you.
I was having a similar problem after reading the key from a user interface.
The fix for me was:
privatekey = privatekey.replace("\\\n", System.lineSeparator());
This ensures the key includes system specific line-break characters.
I have generated public key for RSA using SecKeyWrapper class provided by Apple. How can I create PEM file to save this key in that file? Do we have any library or framework for this?
Best regards
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
chmod 700 id_rsa.pem