[Bug]: Provisioner password prompt embezzles [
#955
Comments
I've tried to reproduce this with an older Windows 10 VM, using the latest version of PowerShell, but I'm not able to do it. Can you reproduce this with other commands, for example combining these two:
Or just trying to use |
Thanks for your reply @maraino. I've tested the step crypto commands. Situation is the same. (It behaves equally in powershell - running in the windows terminal - and in the integrated posh console of vscode). Password chosen for the below example:
As long as I copy/paste, it can work, as the chars captured by the prompt are the same and match, so decryption is possible.
I made some more examples on the same machine.
More examples on the provisioners
My ca is started as container in the background:
Example
|
I've tried on a Windows 11 VM on Azure, and I could still use a key with the password "asdf[123". But I noticed one thing, doing
Our step-kms-plugin reads the password using a different method. If you compile the version in main and do this, you should see the public key:
step crypto keypair --password-file password.txt pub.pem priv.pem
step-kms-plugin key softkms:priv.pem
Where password.txt is encoded in ASCII/UTF-8, and |
I suppose this works |
Result:
Result: The
|
It's the input language setting of Windows 11. There are two input languages on my system now.
Start a powershell:
Change the input language with
Start a new powershell:
The tests with |
Steps to Reproduce
pki-admin with a random password containing a [
Output:
The [ char is not captured by the step-cli prompt in PowerShell.
Change the provisioner password to match a plain ASCII string ([a-z][A-Z][0-9]); based on https://smallstep.com/docs/step-ca/provisioners/#changing-a-jwk-provisioner-password
Repeat 2.
Output:
Your Environment
step-ca Version - Smallstep CA/0.24.2 (linux/arm64)
step Version - Smallstep CLI/0.24.1 (windows/amd64)
Step CA compose service name is: ca
Windows Client
Installed via winget
Manual usage of 0.24.4:
Expected Behavior
Provisioner password prompt receives every character as-is when copy/paste from password manager tool.
Actual Behavior
Provisioner password prompt embezzles [.
Additional Context
OS language: en-us
Keyboard layout: de-ch
I assume it's an issue in the Go prompt. In powershell.exe or cmd.exe you'll see these ☺ when entering the password. When typing a [ manually, it isn't captured by the prompt. A password with l=32 results in effective l=30.
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).