Using OpenSSH private key results in openssl_sign() - supplied key param cannot be coerced into a private key #1979

Closed
renepupil opened this issue Jan 24, 2024 · 4 comments


renepupil commented Jan 24, 2024

Newly generated Private OpenSSH key:

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAaAAAABNlY2RzYS
1zaGEyLW5pc3RwMjU2AAAACG5pc3RwMjU2AAAAQQRIM64i1/lMebw78VNC6dJyvqMPGMvJ
otq7dOWhTgd7jskE+QJ0wgvgd9O7l/OGgh9LfYWmhV+w7XYbzUIepe3aAAAAwMgJCbzICQ
m8AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEgzriLX+Ux5vDvx
U0Lp0nK+ow8Yy8mi2rt05aFOB3uOyQT5AnTCC+B307uX84aCH0t9haaFX7DtdhvNQh6l7d
oAAAAgGzQQdtXwTXbDjWJJW1paj3Skh1s9p+VtAUs3uOm1ODUAAAAhYXp1cmVhZFxvbGl2
ZXJibGFwcEBMZW5vdm8tTEVHSU9OAQIDBAUGBw==
-----END OPENSSH PRIVATE KEY-----

Code to reproduce:

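use phpseclib3\Crypt\Common\PrivateKey;
use phpseclib3\Crypt\PublicKeyLoader;

$file_path = 'working/file/path';
// Load the OpenSSH private key, supplying a passphrase
/** @var PrivateKey $pv */
$pv = PublicKeyLoader::load(file_get_contents("$file_path/id_ecdsa"), 'passphrase');
// Signing is where the openssl_sign() warning from the issue title appears
$pv->sign('idhahsdijsoihasdj');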

It seems the conversion from OpenSSH to PKCS8 is broken ($this->toString('PKCS8', ['namedCurve' => false])), as the connection can be established when ignoring the PHP warning, and also when calling useInternalEngine, as then the routine that uses openssl_sign is not invoked.

Did I do something wrong?

I would either expect the connection to fail, or that an exception is thrown.

Again, the workaround $key::useInternalEngine() works... (for the impatient reader)

@terrafrost
Member

The key doesn't appear to be encrypted. If you replace PublicKeyLoader::load(file_get_contents("$file_path/id_ecdsa"), 'passphrase') with PublicKeyLoader::load(file_get_contents("$file_path/id_ecdsa")) it seems to work just fine.

Obviously the error is unhelpful and obviously the internal engine and the OpenSSL engine ought to behave in the same way but the broader issue is that the key isn't encrypted.
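Whether an OpenSSH private key is encrypted can be read from its header before deciding to pass a passphrase to the loader. The following is an added example, not code from this thread or from phpseclib: it assumes the openssh-key-v1 layout from OpenSSH's PROTOCOL.key (magic string, then cipher name and KDF name as length-prefixed strings), and the function names `readSshString`, `opensshKeyEncryption` and `sampleKey` are hypothetical.

```php
<?php
/** Read one SSH string (uint32 big-endian length, then bytes), advancing $offset. */
function readSshString(string $buf, int &$offset): string
{
    if (strlen($buf) - $offset < 4) {
        throw new UnexpectedValueException('truncated length field');
    }
    $len = unpack('N', substr($buf, $offset, 4))[1];
    $offset += 4;
    if ($len > strlen($buf) - $offset) {
        throw new UnexpectedValueException('string length exceeds buffer');
    }
    $value = substr($buf, $offset, $len);
    $offset += $len;
    return $value;
}

/** Report the cipher and KDF named in an OpenSSH private key header. */
function opensshKeyEncryption(string $pem): array
{
    $re = '/-----BEGIN OPENSSH PRIVATE KEY-----(.+?)-----END OPENSSH PRIVATE KEY-----/s';
    if (!preg_match($re, $pem, $m)) {
        throw new UnexpectedValueException('not an OpenSSH private key');
    }
    $blob = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    $magic = "openssh-key-v1\0";
    if ($blob === false || strncmp($blob, $magic, strlen($magic)) !== 0) {
        throw new UnexpectedValueException('bad base64 or missing openssh-key-v1 magic');
    }
    $offset = strlen($magic);
    $cipher = readSshString($blob, $offset);
    $kdf = readSshString($blob, $offset);
    // An unencrypted key uses cipher "none" (and KDF "none").
    return ['cipher' => $cipher, 'kdf' => $kdf, 'encrypted' => $cipher !== 'none'];
}

/** Constructed sample: header fields only, no key material follows them. */
function sampleKey(string $cipher, string $kdf): string
{
    $s = fn(string $v) => pack('N', strlen($v)) . $v;
    $blob = "openssh-key-v1\0" . $s($cipher) . $s($kdf) . $s('') . pack('N', 1);
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" . chunk_split(base64_encode($blob), 70, "\n")
        . "-----END OPENSSH PRIVATE KEY-----\n";
}

foreach ([['none', 'none'], ['aes256-ctr', 'bcrypt']] as [$c, $k]) {
    $info = opensshKeyEncryption(sampleKey($c, $k));
    printf("cipher=%s kdf=%s encrypted=%s\n", $info['cipher'], $info['kdf'], $info['encrypted'] ? 'yes' : 'no');
}
```

A caller can use the `encrypted` flag to pass a passphrase to PublicKeyLoader::load() only when the key actually has one.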

@terrafrost
Member

6a6c222 should fix this

@renepupil
Author

Thank you for the reply!

With $this->withPassword()->toString('PKCS8', ['namedCurve' => false]) what will happen when the key is NOT encrypted?

Also, as far as I know having an encrypted key shouldn't be mandatory, right?

@terrafrost
Member

withPassword() is how you remove a password from an encrypted key. If the key isn't encrypted it doesn't do anything.
