add the ability to decrypt TLS private keys #35

Merged

@adshmh adshmh commented Mar 21, 2017

Added the ability to accept a passphrase and decrypt a TLS private key, by adding a 'Passphrase' to the Options struct and the functionality required to decrypt TLS keys.
This is needed to address moby/moby#30935. A few rounds of reviews were done in moby/moby#31364 on the code in this PR as part of stubbing out the overall implementation.

Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>

adshmh commented Mar 21, 2017

@cyli, @tiborvass

if err != nil {
return nil, errors.Wrap(err, "private key is encrypted, but could not decrypt it")
}
keyBytes = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyBytes})

Usually this contains a type, such as EC PRIVATE KEY or RSA PRIVATE KEY - we can probably just keep the previous one: keyBytes = pem.EncodeToMemory(&pem.Block{Type: pemBlock.Type, Bytes: keyBytes})


if err == nil || tlsConfig != nil {
t.Fatal("Expected failure due to incorrect passphrase.")
}

@cyli cyli Mar 23, 2017

Do we want to assert that it is specifically a passphrase error?

if !IsErrEncryptedKey(err) || tlsConfig != nil {
    ...

Thank you for the review @cyli. Yes, this seems a better test. I have updated the PR to address both changes (pem.EncodeToMemory() and the specific passphrase error in the test).
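
The two review points in this thread (keeping the original PEM block type, and surfacing a wrong passphrase as a specific error) shown together in an added Go example; this is not the PR's or the library's code, `decryptKeyPEM`, `parsesAsKey` and `sampleKey` are hypothetical names, and the sample key is constructed. It assumes the standard library's legacy PEM decryption functions, which Go has deprecated since 1.16 because the format is unauthenticated.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// parsesAsKey reports whether der is a PKCS#1, PKCS#8 or SEC 1 private key.
func parsesAsKey(der []byte) bool {
	_, e1 := x509.ParsePKCS1PrivateKey(der)
	_, e2 := x509.ParsePKCS8PrivateKey(der)
	_, e3 := x509.ParseECPrivateKey(der)
	return e1 == nil || e2 == nil || e3 == nil
}

// decryptKeyPEM (hypothetical name) decrypts a PEM key and keeps its block type.
func decryptKeyPEM(keyPEM, passphrase []byte) ([]byte, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil {
		return nil, fmt.Errorf("no PEM block in private key")
	}
	if !x509.IsEncryptedPEMBlock(block) {
		return keyPEM, nil
	}
	der, err := x509.DecryptPEMBlock(block, passphrase)
	// A wrong passphrase can pass the padding check and yield noise; reject that too.
	if err == nil && !parsesAsKey(der) {
		err = x509.IncorrectPasswordError
	}
	if err != nil {
		return nil, fmt.Errorf("private key is encrypted, but could not decrypt it: %w", err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: block.Type, Bytes: der}), nil
}

// sampleKey returns a constructed RSA key, PEM-encrypted (setup errors ignored).
func sampleKey(passphrase []byte) []byte {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	der := x509.MarshalPKCS1PrivateKey(key)
	block, _ := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", der, passphrase, x509.PEMCipherAES256)
	return pem.EncodeToMemory(block)
}

func main() {
	_, err := decryptKeyPEM(sampleKey([]byte("s3cret")), []byte("wrong"))
	fmt.Println(err)
}
```

Callers can test for the wrong-passphrase case with `errors.Is(err, x509.IncorrectPasswordError)`, since the wrapped error is preserved.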

cyli commented Mar 23, 2017

Thanks for working on this @adshmh!

Signed-off-by: Arash Deshmeh <adeshmeh@ca.ibm.com>
@adshmh adshmh force-pushed the enhancement-decrypt-TLS-private-key branch from b00eb56 to 9a08a30 Compare March 24, 2017 01:35

@cyli cyli left a comment

LGTM! Thank you for your continued work on improving this library and for your patience!


@vdemeester vdemeester left a comment

LGTM 🐮
