Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Will not parse pem files that have a passphrase - solution offered #81

jdavies opened this issue Oct 25, 2018 · 1 comment


None yet
2 participants
Copy link

commented Oct 25, 2018

I was trying to parse a passphrase that was encrypted using a password. When I tried passing in the passphrase attribute in with the rest of the other options, I still got the same error:

			throw (e);
KeyEncryptedError: The PEM format key (unnamed) is encrypted (password-protected), and no passphrase was provided in `options`
    at (/Users/jdavies/getObj/node_modules/sshpk/lib/formats/pem.js:75:12)
    at (/Users/jdavies/getObj/node_modules/sshpk/lib/formats/auto.js:24:16)
    at Object.PrivateKey.parse [as parsePrivateKey] (/Users/jdavies/getObj/node_modules/sshpk/lib/private-key.js:185:27)
    at Object.signRequest (/Users/jdavies/getObj/node_modules/http-signature/lib/signer.js:362:21)
    at sign (/Users/jdavies/getObj/getObj.js:61:19)
    at getUser (/Users/jdavies/getObj/getObj.js:99:5)
    at Object.<anonymous> (/Users/jdavies/getObj/getObj.js:144:1)
    at Module._compile (module.js:653:30)
    at Object.Module._extensions..js (module.js:664:10)
    at Module.load (module.js:566:32)

Turns out that in the http-signature/lib/signer.js file that the 'passphrase' option is never checked for or propagated. Here is my hack that got this to work:

In signer.js:
At line 293 I inserted the following:
assert.optionalString(options.passphrase, 'options.passphrase');

At line 363 (formerly line 362) I modifed the line to the following to propagate the options object:
key = sshpk.parsePrivateKey(options.key, 'auto', options);

Obviously, hardcoding 'auto' for the format is not the correct approach, but it made the code work for me. Here is the command I used to generate my private key:
openssl genrsa -out ~/oci_api_key.pem -aes128 2048

the openssl tool required me to provide a passphrase. When I later tried to use the http-signature module, I came across this issue. I hope this helps.


This comment has been minimized.

Copy link

commented Feb 8, 2019

Any plans to address this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.