Error: Could not add PKCS#7 signer; no private key specified. #180

Closed
theobouwman opened this issue Dec 14, 2023 · 12 comments
Labels
question Generic question or set of questions

Comments

@theobouwman

theobouwman commented Dec 14, 2023

Running OS

macOS 13.6.1

Running Node Version

v20.3.1

Description

I followed all steps to create the certificates etc.
Trying to generate a pass based on the examplePass in the examples.
But I am getting this error: Error: Could not add PKCS#7 signer; no private key specified.

Expected behavior

Expected to generate a pass.

Steps to reproduce

const cache = {
	certificates: undefined,
};

export async function getCertificates() {
	if (cache.certificates) {
		return cache.certificates;
	}

	const [signerCert, signerKey, wwdr, signerKeyPassphrase] = await Promise.all([
    fs.readFile(
      path.resolve(__dirname, "certs/new/signerCert.pem"),
      "utf-8",
    ),
    fs.readFile(
      path.resolve(__dirname, "certs/new/signerKey.pem"),
      "utf-8",
    ),
    fs.readFile(
      path.resolve(__dirname, "certs/new/AppleWWDRCAG4.pem"),
      "utf-8",
    ),
    Promise.resolve("password"),
  ]);

	cache.certificates = {
		signerCert,
		signerKey,
		wwdr,
		signerKeyPassphrase,
	};

	return cache.certificates;
}

const certs = await getCertificates()

  try {
    /** Each, but last, can be either a string or a Buffer. See API Documentation for more */  
    const pass = await PKPass.from({
      /**
       * Note: .pass extension is enforced when reading a
       * model from FS, even if not specified here below
       */
      model: "/Users/theobouwman/dev/projects/momo/momo-wallet-passes-api/templates/examplePass",
      certificates: {
        wwdr: certs.wwdr,
        signerCert: certs.signerCert,
        signerKey: certs.signerKey,
        signerKeyPassphrase: certs.signerKeyPassphrase
      },
    });

    console.log(pass)
  
    // Adding some settings to be written inside pass.json
    // pass.setBarcodes("123454321"); // Random value
  
    // Generate the stream .pkpass file stream
    // const stream = pass.getAsStream();
    // console.log('stream', stream)
  
    // or
  
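    const buffer = pass.getAsBuffer();
  } catch (err) {
    // Close the try block so the snippet parses; the reported error surfaces here
    console.error(err);
  }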

Were you able to verify it by using (and changing) the examples?

No

@alexandercerutti
Owner

Hi @theobouwman, thanks for using passkit-generator!

Do you mind providing, in the example code, the imports you are using? Especially the fs. I have an idea but I'm not sure about it yet.

@theobouwman
Author

theobouwman commented Dec 14, 2023

@alexandercerutti the error occurs when calling getAsBuffer()

import { promises as fs } from "fs";
import path from "path";
import express from 'express';
import passkit from "passkit-generator";
const PKPass = passkit.PKPass;
import { pinoHttp, logger } from './utils/logging.js';
import { fileURLToPath } from 'url';
import { dirname } from 'path';

const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);

@alexandercerutti
Owner

Are you sure that this code retrieves the right content?

    fs.readFile(
      path.resolve(__dirname, "certs/new/signerKey.pem"),
      "utf-8",
    ),

@theobouwman
Author

@alexandercerutti Yes, I am 100% sure. Printing the pass var shows the content of the files.

@alexandercerutti
Owner

Do you mind sharing the header of your signerKey file? Like, the first 5-6 rows

@theobouwman
Author

Bag Attributes
    friendlyName: Theo
    localKeyID: 5B 1A B1 8E 9C A9 FB 08 B1 57 A6 26 CE 40 53 FE 44 EC E3 B1 
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFJDBWBgkqhkiG9w0BBQ0wSTAxBgkqhkiG9w0BBQwwJAQQjmc5ZICKhcYwRmDo

@alexandercerutti
Owner

That's weird. Any chance you could share the project privately? I'm not sure about the issue here.

@theobouwman
Author

@alexandercerutti I fixed it. I used the same passphrase for your-password and secret-passphrase

# Extracting key and cert from pkcs12
# <your-password> for -passin is the pass for the P12
$ openssl pkcs12 -in <cert-name>.p12 -clcerts -nokeys -out signerCert.pem -passin pass:<your-password>

# <your-password> for -passin is the pass for the P12. <secret-passphrase> is the pass you'll pass to passkit-generator to decrypt privateKey.
$ openssl pkcs12 -in <cert-name>.p12 -nocerts -out signerKey.pem -passin pass:<your-password> -passout pass:<secret-passphrase>
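
Added example, not part of the thread and not passkit-generator's own code: a pre-flight check with Node's built-in `crypto` that confirms the value you intend to pass as `signerKeyPassphrase` actually decrypts `signerKey.pem` (that is, it matches the `-passout` value used above). `checkSignerKey`, `makeSampleKey`, `demo` and the generated sample key are constructed for illustration.

```javascript
// Added example: pre-flight check for signerKey.pem and its passphrase.
const crypto = require("node:crypto");

// Returns { ok, encrypted, type | reason } for a PEM private key.
function checkSignerKey(pem, passphrase) {
  const match = /-----BEGIN ([A-Z ]+)-----/.exec(pem);
  if (!match) return { ok: false, reason: "no PEM block found" };
  const encrypted =
    match[1] === "ENCRYPTED PRIVATE KEY" || pem.includes("Proc-Type: 4,ENCRYPTED");
  if (encrypted && !passphrase) {
    return { ok: false, encrypted, reason: "key is encrypted but no passphrase given" };
  }
  // openssl pkcs12 writes "Bag Attributes" text before the PEM block; skip it.
  const block = pem.slice(match.index);
  try {
    const key = crypto.createPrivateKey({ key: block, format: "pem", passphrase });
    return { ok: true, encrypted, type: key.asymmetricKeyType };
  } catch (err) {
    const reason = encrypted
      ? "passphrase does not decrypt the key"
      : "not a parseable private key";
    return { ok: false, encrypted, reason };
  }
}

// Constructed sample: a throwaway RSA key encrypted the way -passout would,
// prefixed with the same kind of header lines shown earlier in the thread.
function makeSampleKey(passphrase) {
  const { privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    privateKeyEncoding: { type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase },
  });
  return "Bag Attributes\n    friendlyName: constructed\nKey Attributes: <No Attributes>\n" + privateKey;
}

function demo() {
  const pem = makeSampleKey("secret-passphrase");
  return {
    right: checkSignerKey(pem, "secret-passphrase"), // the -passout value
    wrong: checkSignerKey(pem, "your-password"),     // the P12 password by mistake
    missing: checkSignerKey(pem, undefined),
  };
}

const demoResults = demo();
console.log(demoResults);
```

Running `checkSignerKey` on the real file contents and passphrase before calling `PKPass.from` separates a passphrase mismatch from a wrong or unreadable key file.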

@alexandercerutti
Owner

Okay great! :D Glad you solved it

@alexandercerutti alexandercerutti added the question Generic question or set of questions label Dec 18, 2023
@MICU-ADMIN

I was going to say I fixed this by specifying the correct passphrase in my code.

I too used the same password and phrase for convenience.

@KStockton

KStockton commented Jun 5, 2024

I have the same issue and have two different passphrases. Is there a key for a signerCert passphrase? Looks like the code doesn't allow two different passphrases, one for each cert.

@alexandercerutti
Owner

@KStockton I kindly ask you to open a new issue as this has been resolved. Thank you 🚀
