Can't figure out how to store private key in Windows Credential Store #198

Closed
phil-levy opened this issue May 17, 2017 · 3 comments

@phil-levy
Contributor

Doesn't seem to take multi-line value, or long string if I put on one line.

@phil-levy phil-levy added this to the v2.1 milestone May 17, 2017
@bhunut-adobe
Collaborator

Phil,

I can't do it via GUI or command line. I got an error: "The specified password has exceeded 512 bytes".

I counted the characters in my private.key and came up with 1612 characters.

This is the command I tried it with.
PowerShell V5+ command:

```powershell
Install-Module CredentialManager
New-StoredCredential -Target 'secure_priv_key_data_key' -UserName 'umapi_private_key_data' -Password "$(Get-Content C:\User-Sync-Tool\private.key)"
```

@adobeDan
Contributor

The default CredentialManager module has a built-in length limit of 512 chars. I've asked the developer whether this is an underlying technology limitation.

@adobeDan adobeDan self-assigned this Jun 6, 2017
@adobeDan adobeDan modified the milestones: v2.1.1, v2.1 Jun 6, 2017
@adobeDan
Contributor

adobeDan commented Jun 6, 2017

It looks like the credential manager on Windows has no easy way to store credentials larger than 512 chars. The API allows it, but none of the interfaces do. So I think the way to make this work on Windows (and all platforms) is to allow an encrypted private key in the PEM format and to store the key password in the keychain, rather than the key itself.

adobeDan added a commit that referenced this issue Jun 7, 2017
As of the last commit, we only supported PKCS#5 encrypted private keys. But with this update, we transition from the old pycrypto module to the brand new (and available on Windows from PyPI) pycryptodome module, which has plug-compatible functionality but runs on modern Pythons *and* has full PKCS#8 support! So now we support all forms of encrypted private keys!
phil-levy added a commit that referenced this issue Jun 7, 2017
Fix #198: secure RSA keys via passphrase in credential store
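
The approach the thread settles on (encrypt the PEM key and keep only its passphrase in the Windows Credential Store) can be sketched as below. This is an added example, not code from the thread or the project. It assumes `openssl` is on the PATH and the CredentialManager module is installed; the encrypted-key path, credential target and user name are hypothetical.

```powershell
# Added example. Assumptions: openssl is on PATH, the CredentialManager module
# is installed, and the encrypted-key path, target and user name are hypothetical.
$plainKey = 'C:\User-Sync-Tool\private.key'      # path used in the thread
$encKey   = 'C:\User-Sync-Tool\private.enc.key'  # hypothetical output path
$target   = 'example_priv_key_passphrase'        # hypothetical credential target
$userName = 'example_priv_key_user'              # hypothetical user name

# 1. Random 32-byte passphrase, base64-encoded: 44 characters, well under 512.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$passphrase = [Convert]::ToBase64String($bytes)

# 2. Re-encode the key as encrypted PKCS#8 PEM. The passphrase is handed to
#    openssl through an environment variable, not the command line.
$env:KEY_PASS = $passphrase
try {
    & openssl pkcs8 -topk8 -v2 aes-256-cbc -in $plainKey -out $encKey -passout 'env:KEY_PASS'
    if ($LASTEXITCODE -ne 0) { throw "openssl pkcs8 failed (exit code $LASTEXITCODE)" }
} finally {
    Remove-Item Env:\KEY_PASS -ErrorAction SilentlyContinue
}

# 3. Store only the passphrase. LocalMachine persistence keeps the entry
#    beyond the current logon session.
New-StoredCredential -Target $target -UserName $userName -Password $passphrase `
    -Persist LocalMachine -ErrorAction Stop | Out-Null

# 4. Read the passphrase back and prove that it decrypts the key.
$stored = Get-StoredCredential -Target $target
if (-not $stored) { throw "No credential found for target '$target'" }
$env:KEY_PASS = $stored.GetNetworkCredential().Password
try {
    & openssl pkey -in $encKey -passin 'env:KEY_PASS' -noout
    if ($LASTEXITCODE -ne 0) { throw "Stored passphrase does not decrypt $encKey" }
} finally {
    Remove-Item Env:\KEY_PASS -ErrorAction SilentlyContinue
}
Remove-Variable passphrase, bytes
Write-Output "Encrypted key written to $encKey; passphrase stored under '$target'."
```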