Re: Parsing private key PK - Invalid key tag or value

[Heiko Thiery <heiko.thiery@xxxxxxxxx>]

Hi Michal,

Am Fr., 1. Juli 2022 um 08:42 Uhr schrieb Andreas Schneider
<asn@xxxxxxxxxxxxxx>:
>
> On Thursday, June 30, 2022 1:16:18 PM CEST Heiko Thiery wrote:
> > Hi Jakub,
> >
> > I added Andreas.
> >
> > Am Do., 30. Juni 2022 um 12:42 Uhr schrieb Jakub Jelen <jjelen@xxxxxxxxxx>:
> > > On 6/30/22 07:43, Heiko Thiery wrote:
> > > > Hi,
> > > >
> > > > I use netopeer2 with libnetconf2 in combination with libssh and
> > > > mbedtls. When trying to open a SSH connection I get the following
> > > > message:
> > > >
> > > > [INF]: LN: Accepted a connection on 0.0.0.0:830 from 127.0.0.1:38712.
> > > > [INF]: SR: Session 128 (user "root", CID 38) created.
> > > > [2022/06/28 07:31:06.841984, 1] pki_private_key_from_base64:  Parsing
> > > > private key PK - Invalid key tag or value
> > > > [ERR]: LN: Failed to set hostkey "genkey" (/tmp/gyFsev).
> > > >
> > > > Switching to use openSSL does not show this error.
> > > >
> > > > Anyone have an explanation for this?
> > >
> > > Do you have example key with this issue?
> >
> > This is what is stored in sysrepo and used later on:
> >
> > <keystore xmlns="urn:ietf:params:xml:ns:yang:ietf-keystore">
> >   <asymmetric-keys>
> >     <asymmetric-key>
> >       <name>genkey</name>
> >       <algorithm>rsa2048</algorithm>
> >
> > <public-key>MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JYPdk+1mnYnAW++NRW
> > zS33nFe7qKSk80mr5Z0hZXhwV5g+UiSBYxosbnN8kqct8ibz1kRzQOnoeC/rCk87DLhxVCP5DCab
> > PEPWuVH2MOegQmyxHwA7/OMZvVtPWdjk0p/Nt7mgH8jhRV0Xsx1/+lXH7zB0xw1EzmRqJ8KQjRyk
> > vXPscatz6NV/JNJlewqsS4SEOaVw71wYoEtMdb+PmUg1gNFbJEOIT9mbWRyTxnL1ZUJA1xK/D2qq
> > XjlV9ydtiVzm3EH3aWHnoNZ/tE0qK4oLK4l1G7rimxzjF4wB5vFxZnRoN6eFNrtZ96zldMlvrsMK
> > RmSTmp6EP9AsIZnimtwIDAQAB</public-key>
> > <private-key>MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDUlg92T7Wadi
> > cBb741FbNLfecV7uopKTzSavlnSFleHBXmD5SJIFjGixuc3ySpy3yJvPWRHNA6eh4L+sKTzsMuHF
> > UI/kMJps8Q9a5UfYw56BCbLEfADv84xm9W09Z2OTSn823uaAfyOFFXRezHX/6VcfvMHTHDUTOZGo
> > nwpCNHKS9c+xxq3Po1X8k0mV7CqxLhIQ5pXDvXBigS0x1v4+ZSDWA0VskQ4hP2ZtZHJPGcvVlQkD
> > XEr8PaqpeOVX3J22JXObcQfdpYeeg1n+0TSorigsriXUbuuKbHOMXjAHm8XFmdGg3p4U2u1n3rOV
> > 0yW+uwwpGZJOanoQ/0CwhmeKa3AgMBAAECggEBAMtU7F0hSHYA5LX/B1MG+oMOXWUhK19LTh2ErC
> > AZl0DoZBm0dUHjaoYcr8CPviWZt/iWf9rYUGJeQzb6FfoCHbWQ69S6PayRnCSAmMm/e8w3JwsEg2
> > wz6/GF+yB1Zf+WH8M0lsUdQ9xt+X8cJqlcK8kNSOWmVt6WYF/kfmNo20VHZOkHirzVL5Jh/NyXv6
> > lMA3fXcKAulTNHbtjdVX0r7441u/LjLODvZgbeSu0cba95KhFaYYAAOcv7TGxB4g2R/GTgoSJr5/
> > Y/ebeh+PuGIHSaToPuNO6g1VMe/pQs1gKYnYsXaELttiGwKOdCTONHc5zT3lwWD76MnHu0NNj7y6
> > ECgYEA7cRilbOz22BDGjP7z/q4S1sFVSYFlUOZWZrwZq3+Afgo+Wnib2fJAN+QCWVHCFbMrNYlR7
> > p8UD9Zh0pHu4UEbDJtzPi/B6m21M+kMfnygl1a1dTBpqHge69E+OohYF1bqdLakOt/KKdFr+OM/c
> > wJT0IfCgjAPJCJflg9eeZfjM0CgYEA5ONY2Y2mwhyTRN+yNI22USu55wFP3ZqcOJGdKY5R2mCiN0
> > iSPvNs2W438VBVN57gpFUnVie6sHDWvRXQT2F1xWsaI4zN5CtsclR49Zus5f3At8jMUerF0sP32F
> > Q5aVJEK3Q8Ti6ImFSxxsNLYsIpaptFRlGQSC/GL+9XizZGAZMCgYEA5mnH97b79v4kSQJTZstbSX
> > tdgZSlGG837sPdcEPwwcvROVLJIpj7CyObm99PpN8o3d1wp0ArNEEP67GqLijLjmaYTWhJB44KJd
> > VLEztbLcZ2Pn49Y9O/jVzehDGwQoh2Se6R7Jqq0aS4PalQeqr94pb7KWgtkwOmmo+8k6MSuYkCgY
> > AWPYEEop7xfZVRu+q08JAmkvkdWSNJhRxo4r1CrHGHppwcgxCyzTRmbC9DY2rkXKu3TA7mcDXTry
> > MufFAhZnbrF90SVzwqT43aDhsywk2qi12OfhRcYVOXhzMt8gEiGrxE/KZfcmYTZydfCNrqXbNoiG
> > 3Sx1odqYa4Yak//aYPwQKBgQDk5ePk+nvbrVZu2BAq+6gGhywkL4J50Q+QWJc9v/xwXg5h7Aewmp
> > 5Qq+nQBdvjjk59tjRjopNDuLbACRrJ7L0MmnQ9ZW//bgMP1srqw0JxRWY49G2OfQDlW5qsEl7yxc
> > +J18quQVm/u3NgcC7hpinwGGKBOrQByvYzKjvSGEuj6w==</private-key>
> > </asymmetric-key>
> >   </asymmetric-keys>
> > </keystore>
> >
> > Is this enough for you to check?
>
> https://github.com/CESNET/netopeer2/blob/master/scripts/merge_hostkey.sh#L29
> removes the header and footer and we rely on that!

Can you comment why the header and footer need to be removed?

-- 
Heiko