Private key invalid #96

Open
redDwarf03 opened this issue Jun 27, 2023 · 2 comments

@redDwarf03

I have this error: type 'ASN1OctetString' is not a subtype of type 'ASN1Integer' in type cast, when I try to control validity of a private key

-----BEGIN PRIVATE KEY-----
xxxxxxxx
-----END PRIVATE KEY-----

I create my certificate with certbot CLI
certbot certonly --manual --domain example.com --preferred-challenges dns

This command will request a certificate from Let's Encrypt for example.com and will require proving ownership of the domain with a DNS challenge.

The certificate can be found at: /etc/letsencrypt/live/example.com/cert.pem and the key at: /etc/letsencrypt/live/example.com/privatekey.pem

To control my private key, I used this method:


  static (bool, String) validPrivateKeyFromFile(Uint8List privateKey) {
    try {
      CryptoUtils.rsaPrivateKeyFromPem(utf8.decode(privateKey));
      return (true, '');
    } catch (e) {
      log(e.toString());
      return (
        false,
        e.toString(),
      );
    }
  }

And it seems not to be working at this line:


  ///
  /// Decode the given [bytes] into an [RSAPrivateKey].
  ///
  static RSAPrivateKey rsaPrivateKeyFromDERBytes(Uint8List bytes) {
    var asn1Parser = ASN1Parser(bytes);
    var topLevelSeq = asn1Parser.nextObject() as ASN1Sequence;
    //ASN1Object version = topLevelSeq.elements[0];
    //ASN1Object algorithm = topLevelSeq.elements[1];
    var privateKey = topLevelSeq.elements![2];

    asn1Parser = ASN1Parser(privateKey.valueBytes);
    var pkSeq = asn1Parser.nextObject() as ASN1Sequence;

    var modulus = pkSeq.elements![1] as ASN1Integer; // <-- Error parsing
    //ASN1Integer publicExponent = pkSeq.elements[2] as ASN1Integer;
    var privateExponent = pkSeq.elements![3] as ASN1Integer;
    var p = pkSeq.elements![4] as ASN1Integer;
    var q = pkSeq.elements![5] as ASN1Integer;
    //ASN1Integer exp1 = pkSeq.elements[6] as ASN1Integer;
    //ASN1Integer exp2 = pkSeq.elements[7] as ASN1Integer;
    //ASN1Integer co = pkSeq.elements[8] as ASN1Integer;

    var rsaPrivateKey = RSAPrivateKey(
        modulus.integer!, privateExponent.integer!, p.integer, q.integer);

    return rsaPrivateKey;
  }

Any idea?

Thx

@Ephenodrom
Owner

Did you find a solution yet? The method should handle RSA private keys and it is tested with real-life examples from OpenSSL.

Therefore some questions:

  • Are you sure you have an RSA private key?
  • Are you sure the Uint8List representing the private key contains the PEM header / footer?
  • Do you know if the private key is in PKCS1 format? Try using the method rsaPrivateKeyFromDERBytesPkcs1().

Regards

@redDwarf03
Author

No, I didn't find a solution. I commented on my control in my app.
I published without the control the certificate and private key on the server and it worked. So I think the key is good otherwise the server wouldn't be able to manage the certificate.
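
Added example, not part of the thread or of basic_utils: the cast error reported above can arise when the `PRIVATE KEY` (PKCS#8) wrapper holds a non-RSA key, because an EC key's inner structure has an OCTET STRING where the RSA structure has the modulus INTEGER. This dependency-free check reads the algorithm OID from the wrapper before any key parsing. The names `pkcs8KeyOids`, `readTlv`, `oidToString` and `privateKeyKind` are hypothetical, and the sample bytes are constructed.

```dart
import 'dart:convert';
import 'dart:typed_data';

const pkcs8KeyOids = {'1.2.840.113549.1.1.1': 'rsa', '1.2.840.10045.2.1': 'ec'};

/// Reads the DER TLV at [pos]: returns (tag, value start, value end).
(int, int, int) readTlv(Uint8List der, int pos) {
  var len = der[pos + 1], start = pos + 2;
  if ((len & 0x80) != 0) {
    final n = len & 0x7f; // long form: n length bytes follow
    len = 0;
    for (var i = 0; i < n; i++) len = (len << 8) | der[start++];
  }
  return (der[pos], start, start + len);
}

/// Dotted form of an OID value (assumes a one-byte first arc pair).
String oidToString(Uint8List v) {
  final arcs = <int>[v[0] ~/ 40, v[0] % 40];
  var arc = 0;
  for (final b in v.skip(1)) {
    arc = (arc << 7) | (b & 0x7f);
    if ((b & 0x80) == 0) {
      arcs.add(arc);
      arc = 0;
    }
  }
  return arcs.join('.');
}

/// Names the key type in a PEM private key without parsing the key itself.
String privateKeyKind(String pem) {
  final lines = LineSplitter.split(pem.trim()).map((l) => l.trim()).toList();
  if (lines.first == '-----BEGIN RSA PRIVATE KEY-----') return 'rsa (PKCS#1)';
  if (lines.first != '-----BEGIN PRIVATE KEY-----') return 'not PKCS#8';
  final der = base64.decode(lines.sublist(1, lines.length - 1).join());
  final (_, seqStart, _) = readTlv(der, 0); // PrivateKeyInfo SEQUENCE
  final (_, _, versionEnd) = readTlv(der, seqStart); // version INTEGER
  final (_, algStart, _) = readTlv(der, versionEnd); // AlgorithmIdentifier
  final (tag, oidStart, oidEnd) = readTlv(der, algStart); // algorithm OID
  if (tag != 0x06) return 'not PKCS#8';
  return pkcs8KeyOids[oidToString(der.sublist(oidStart, oidEnd))] ?? 'other';
}

void main() {
  // Constructed PrivateKeyInfo skeleton with the EC OID; no real key material.
  final der = [0x30, 0x1c, 2, 1, 0, 0x30, 0x13, 6, 7, 0x2a, 0x86, 0x48, 0xce, 0x3d,
    2, 1, 6, 8, 0x2a, 0x86, 0x48, 0xce, 0x3d, 3, 1, 7, 4, 2, 0x30, 0];
  print(privateKeyKind('-----BEGIN PRIVATE KEY-----\n${base64.encode(der)}\n-----END PRIVATE KEY-----'));
}
```

Running this check ahead of `CryptoUtils.rsaPrivateKeyFromPem` lets the validation report the actual key type instead of surfacing a type-cast error.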
