[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Parsing private key PK - Invalid key tag or value
[Thread Prev] | [Thread Next]
- Subject: Re: Parsing private key PK - Invalid key tag or value
- From: Heiko Thiery <heiko.thiery@xxxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 30 Jun 2022 13:16:18 +0200
- To: libssh@xxxxxxxxxx, Jakub Jelen <jjelen@xxxxxxxxxx>
- Cc: Andreas Schneider <asn@xxxxxxxxxxxxxx>
Hi Jakub,
I added Andreas.
Am Do., 30. Juni 2022 um 12:42 Uhr schrieb Jakub Jelen <jjelen@xxxxxxxxxx>:
>
> On 6/30/22 07:43, Heiko Thiery wrote:
> > Hi,
> >
> > I use netopeer2 with libnetconf2 in combination with libssh and
> > mbedtls. When trying to open a SSH connection I get the following
> > message:
> >
> > [INF]: LN: Accepted a connection on 0.0.0.0:830 from 127.0.0.1:38712.
> > [INF]: SR: Session 128 (user "root", CID 38) created.
> > [2022/06/28 07:31:06.841984, 1] pki_private_key_from_base64: Parsing
> > private key PK - Invalid key tag or value
> > [ERR]: LN: Failed to set hostkey "genkey" (/tmp/gyFsev).
> >
> > Switching to use openSSL does not show this error.
> >
> > Anyone have an explanation for this?
>
> Do you have example key with this issue?
This is what is stored in sysrepo and used later on:
<keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore">
<asymmetric-keys>
<asymmetric-key>
<name>genkey</name>
<algorithm>rsa2048</algorithm>
<public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JYPdk+1mnYnAW++NRWzS33nFe7qKSk80mr5Z0hZXhwV5g+UiSBYxosbnN8kqct8ibz1kRzQOnoeC/rCk87DLhxVCP5DCabPEPWuVH2MOegQmyxHwA7/OMZvVtPWdjk0p/Nt7mgH8jhRV0Xsx1/+lXH7zB0xw1EzmRqJ8KQjRykvXPscatz6NV/JNJlewqsS4SEOaVw71wYoEtMdb+PmUg1gNFbJEOIT9mbWRyTxnL1ZUJA1xK/D2qqXjlV9ydtiVzm3EH3aWHnoNZ/tE0qK4oLK4l1G7rimxzjF4wB5vFxZnRoN6eFNrtZ96zldMlvrsMKRmSTmp6EP9AsIZnimtwIDAQAB</public-key>
<private-key>MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDUlg92T7WadicBb741FbNLfecV7uopKTzSavlnSFleHBXmD5SJIFjGixuc3ySpy3yJvPWRHNA6eh4L+sKTzsMuHFUI/kMJps8Q9a5UfYw56BCbLEfADv84xm9W09Z2OTSn823uaAfyOFFXRezHX/6VcfvMHTHDUTOZGonwpCNHKS9c+xxq3Po1X8k0mV7CqxLhIQ5pXDvXBigS0x1v4+ZSDWA0VskQ4hP2ZtZHJPGcvVlQkDXEr8PaqpeOVX3J22JXObcQfdpYeeg1n+0TSorigsriXUbuuKbHOMXjAHm8XFmdGg3p4U2u1n3rOV0yW+uwwpGZJOanoQ/0CwhmeKa3AgMBAAECggEBAMtU7F0hSHYA5LX/B1MG+oMOXWUhK19LTh2ErCAZl0DoZBm0dUHjaoYcr8CPviWZt/iWf9rYUGJeQzb6FfoCHbWQ69S6PayRnCSAmMm/e8w3JwsEg2wz6/GF+yB1Zf+WH8M0lsUdQ9xt+X8cJqlcK8kNSOWmVt6WYF/kfmNo20VHZOkHirzVL5Jh/NyXv6lMA3fXcKAulTNHbtjdVX0r7441u/LjLODvZgbeSu0cba95KhFaYYAAOcv7TGxB4g2R/GTgoSJr5/Y/ebeh+PuGIHSaToPuNO6g1VMe/pQs1gKYnYsXaELttiGwKOdCTONHc5zT3lwWD76MnHu0NNj7y6ECgYEA7cRilbOz22BDGjP7z/q4S1sFVSYFlUOZWZrwZq3+Afgo+Wnib2fJAN+QCWVHCFbMrNYlR7p8UD9Zh0pHu4UEbDJtzPi/B6m21M+kMfnygl1a1dTBpqHge69E+OohYF1bqdLakOt/KKdFr+OM/cwJT0IfCgjAPJCJflg9eeZfjM0CgYEA5ONY2Y2mwhyTRN+yNI22USu55wFP3ZqcOJGdKY5R2mCiN0iSPvNs2W438VBVN57gpFUnVie6sHDWvRXQT2F1xWsaI4zN5CtsclR49Zus5f3At8jMUerF0sP32FQ5aVJEK3Q8Ti6ImFSxxsNLYsIpaptFRlGQSC/GL+9XizZGAZMCgYEA5mnH97b79v4kSQJTZstbSXtdgZSlGG837sPdcEPwwcvROVLJIpj7CyObm99PpN8o3d1wp0ArNEEP67GqLijLjmaYTWhJB44KJdVLEztbLcZ2Pn49Y9O/jVzehDGwQoh2Se6R7Jqq0aS4PalQeqr94pb7KWgtkwOmmo+8k6MSuYkCgYAWPYEEop7xfZVRu+q08JAmkvkdWSNJhRxo4r1CrHGHppwcgxCyzTRmbC9DY2rkXKu3TA7mcDXTryMufFAhZnbrF90SVzwqT43aDhsywk2qi12OfhRcYVOXhzMt8gEiGrxE/KZfcmYTZydfCNrqXbNoiG3Sx1odqYa4Yak//aYPwQKBgQDk5ePk+nvbrVZu2BAq+6gGhywkL4J50Q+QWJc9v/xwXg5h7Aewmp5Qq+nQBdvjjk59tjRjopNDuLbACRrJ7L0MmnQ9ZW//bgMP1srqw0JxRWY49G2OfQDlW5qsEl7yxc+J18quQVm/u3NgcC7hpinwGGKBOrQByvYzKjvSGEuj6w==</private-key>
</asymmetric-key>
</asymmetric-keys>
</keystore>
Is this enough for you to check?
>
> I think the mbedtls and gcrypt did not have PEM parser or there were
> some limitations.
>
> It might also be that the openssl you are using is generating keys with
> some specific functionality that is not supported by mbedtls parser.
>
> Regards,
> --
> Jakub Jelen
> Crypto Team, Security Engineering
> Red Hat, Inc.
>
>
--
Heiko
| Parsing private key PK - Invalid key tag or value | Heiko Thiery <heiko.thiery@xxxxxxxxx> |
| Re: Parsing private key PK - Invalid key tag or value | Jakub Jelen <jjelen@xxxxxxxxxx> |