Encryption algorithms other than RSA · spotify/docker-client#554

(2 comments) (0 reactions) (0 assignees)Java (1,430 stars) (551 forks)batch import

enhancementhelp wantedpinned

Description

My docker registry gives me a key encrypted with the ECDSA algoritm. At least, that's what I think when I read the key.pem

PEMParser pemParser = new PEMParser(new BufferedReader(new FileReader("key.pem")));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
if (object instanceof PEMKeyPair) {
  PEMKeyPair pair = (PEMKeyPair) object;
  converter.getPrivateKey(pair.getPrivateKeyInfo()).getAlgorithm()
}

Then DockerCertificates throws exception maybe because of line 97.

How to reproduce

Don't know. If your docker registry gives you ECDSA-encrypted key, then you can try.

What do you expect

Maybe bouncycastle can be used to find the encryption algorithm.

What happened instead

exception java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key: Version must be 0 [Describe the actual results]

Software:

docker-maven-plugin:0.4.13

Full backtrace

[Paste full backtrace here]

Contributor guide

Tech stack: java
Domain: backendsecurity
Issue type: bug
Difficulty: 3
Estimated time: half day
Activity status: stale
Clarity: unclear
Prerequisites: Javacryptography knowledge
Newbie friendliness: 20
Research direction: Investigate the PEM parsing in DockerCertificates.java around line 97. Determine how the current code assumes RSA and how to support ECDSA keys. Consider using Bouncy Castle's JcaPEMKeyConverter to detect the algorithm. Check if there are any existing tests or documentation on key handling.