spotify/docker-client

Encryption algorithms other than RSA

Open

#554 创建于 2016年12月21日

在 GitHub 查看
 (2 评论) (0 反应) (0 负责人)Java (1,430 star) (551 fork)batch import
enhancementhelp wantedpinned

描述

Description

My docker registry gives me a key encrypted with the ECDSA algoritm. At least, that's what I think when I read the key.pem

PEMParser pemParser = new PEMParser(new BufferedReader(new FileReader("key.pem")));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
if (object instanceof PEMKeyPair) {
  PEMKeyPair pair = (PEMKeyPair) object;
  converter.getPrivateKey(pair.getPrivateKeyInfo()).getAlgorithm()
}

Then DockerCertificates throws exception maybe because of line 97.

How to reproduce

Don't know. If your docker registry gives you ECDSA-encrypted key, then you can try.

What do you expect

Maybe bouncycastle can be used to find the encryption algorithm.

What happened instead

exception java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key: Version must be 0 [Describe the actual results]

Software:

docker-maven-plugin:0.4.13

Full backtrace

[Paste full backtrace here]

贡献者指南

技术栈
java
领域
backendsecurity
议题类型
bug
难度面向新贡献者的预计实现难度,1 表示很小改动,5 表示专家级工作。
3
预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。
half day
活动状态议题当前的可参与程度:新鲜、活跃、陈旧、阻塞或等待维护者输入。
stale
清晰度议题是否清楚说明期望改动、验收标准和下一步。
unclear
前置要求
Javacryptography knowledge
新手友好度1-100 的估计分数,表示该议题对首次贡献者的友好程度。
20
研究方向
Investigate the PEM parsing in DockerCertificates.java around line 97. Determine how the current code assumes RSA and how to support ECDSA keys. Consider using Bouncy Castle's JcaPEMKeyConverter to detect the algorithm. Check if there are any existing tests or documentation on key handling.