BiagioFesta / wtransport

Async-friendly WebTransport implementation in Rust
Apache License 2.0
346 stars 19 forks

PrivateKeyNotFound when key already exists. #151

Closed JimitSoni18 closed 2 months ago

JimitSoni18 commented 3 months ago

I am trying to get started with the wtransport crate. I generated a PEM certificate and private key using openssl with the following command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

which generated the following files in the directory /home/my_username/cert/:

-rw-rw-r-- 1 my_username my_username 2122 Mar 29 12:33 cert.pem
-rw------- 1 my_username my_username 3422 Mar 29 12:30 key.pem

then I copied the same code as it is in the docs:

use wtransport::{Endpoint, Identity, ServerConfig};

#[tokio::main]
async fn main() {
    let config = ServerConfig::builder()
        .with_bind_default(4433)
        .with_identity(
            &Identity::load_pemfiles("/home/my_username/cert/cert.pem", "/home/my_username/cert/key.pem")
                .await
                .unwrap(),
        )
        .build();

    let server = Endpoint::server(config).unwrap();

    loop {
        let incoming_session = server.accept().await;
        let incoming_req = incoming_session.await.unwrap();

        let connection = incoming_req.accept().await.unwrap();

        println!("=>> connection: {connection:?}");
    }
}

but when I try to run it using cargo r, it gives me the following error:

wt on  master [?] is 📦 v0.1.0 via 🦀 v1.76.0
❯ cargo r
    Finished dev [unoptimized + debuginfo] target(s) in 0.06s
     Running target/debug/wt
thread 'main' panicked at src/main.rs:10:18:
called Result::unwrap() on an Err value: PrivateKeyNotFound
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

I know that the file is present there, because loading cert.pem did not unwrap, so I don't know what I did wrong.

please help

JimitSoni18 commented 3 months ago

here is my cargo toml:

[package]
name = "wt"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
tokio = { version = "1.37.0", features = ["full"] }
wtransport = "0.1.12"

BiagioFesta commented 3 months ago

Did the command:

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365

ask you for a password?

JimitSoni18 commented 3 months ago

@BiagioFesta it did ask for a PEM passphrase in the beginning, and then again to verify it.

JimitSoni18 commented 3 months ago

@BiagioFesta I tried generating with the -nodes option, and it started working. I don't know why it was not able to find the file when it was encrypted with a passphrase. If the wrong enum was returned from load_pemfile, can you please create a new variant that says that encrypted keys cannot be read, if possible... or if it is something else, please inform me that it is some other issue

BiagioFesta commented 3 months ago

If you generate an encrypted private key there is no way the library can load that (nobody can read that private key but you, knowing the pass phrase).

With openssl (as you already mentioned), you need to add -nodes to avoid generating a private key with DES encryption.


[...] can you please create a new variant that says that encrypted keys cannot be read, if possible... or if it is something else, please inform me that it is some other issue

Encrypted stuff is made to not be "understandable". From the file point of view it is just binary random data.

The library cannot distinguish whether the file contains an encrypted private key or just other random stuff (e.g., let us imagine you pass an image.jpg to the library as the parameter to load as a private key).

How can the library know whether that binary data is image data or encrypted stuff? From the library perspective, I can only tell whether the file contains a valid private key or not.

If the passed file does not contain a parsable private key that's the rationale behind the error: PrivateKeyNotFound.

As the documentation says (https://docs.rs/wtransport/latest/wtransport/tls/struct.PrivateKey.html#method.load_pemfile):

Returns a PemLoadError::PrivateKeyNotFound if no private key is found in the file.


Please note that the load_pemfile functions return a PemLoadError.

If you pass a non-existent file you instead get a PemLoadError::FileError (with the corresponding operating system code/description).

PrivateKeyNotFound means not found within the file.

From the doc: https://docs.rs/wtransport/latest/wtransport/tls/enum.PemLoadError.html#variant.PrivateKeyNotFound

No private key found in PEM file.

I would like to avoid having a PemLoadError::PrivateKeyNotFoundWithinTheFile :) ... too long. Variant names, like variable names, are made for programmers.

Definitely I could improve the Display implementation from "no private key found" to "no private key found within the file" (as this is for "end users").
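Added example, not code from this issue thread or from wtransport: a caller-side pre-check, written with only the Rust standard library, that inspects the PEM labels of a key file before the path is handed to Identity::load_pemfiles. OpenSSL writes a passphrase-protected key as a PKCS#8 block labelled ENCRYPTED PRIVATE KEY (legacy PKCS#1/SEC1 blocks carry a "Proc-Type: 4,ENCRYPTED" header instead), so an application can report "key is encrypted, regenerate with -nodes" separately from "no key in this file" instead of surfacing a bare PrivateKeyNotFound. The names classify_pem_key, check_key_file and PemKeyKind and the SAMPLE_* constants are this example's own; the sample PEM bodies are constructed placeholders, not real key material.

```rust
use std::fs;
use std::path::Path;

/// What a PEM file holds, as far as private keys are concerned.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PemKeyKind {
    /// A plaintext private-key block ("PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY").
    Unencrypted,
    /// A passphrase-protected block: PKCS#8 "ENCRYPTED PRIVATE KEY" (what `openssl req`
    /// writes when it prompts for a passphrase) or a legacy block with "Proc-Type: 4,ENCRYPTED".
    Encrypted,
    /// No private-key block at all (a certificate file, an image, random bytes ...).
    NotFound,
}

/// Scans the PEM labels in `pem` and reports whether a loadable private key is present.
pub fn classify_pem_key(pem: &str) -> PemKeyKind {
    let mut found_unencrypted = false;
    let mut lines = pem.lines().map(str::trim);
    while let Some(line) = lines.next() {
        let label = match line.strip_prefix("-----BEGIN ").and_then(|s| s.strip_suffix("-----")) {
            Some(label) => label,
            None => continue,
        };
        if label == "ENCRYPTED PRIVATE KEY" {
            return PemKeyKind::Encrypted;
        }
        if !label.ends_with("PRIVATE KEY") {
            continue; // e.g. "CERTIFICATE": not a key block, skip it
        }
        // Legacy PKCS#1 / SEC1 block: encryption is signalled by header lines
        // ("Proc-Type: 4,ENCRYPTED", "DEK-Info: ...") placed before the base64 body.
        let mut encrypted = false;
        for body in lines.by_ref() {
            if body.starts_with("-----END ") {
                break;
            }
            if body.starts_with("Proc-Type:") && body.contains("ENCRYPTED") {
                encrypted = true;
            }
        }
        if encrypted {
            return PemKeyKind::Encrypted;
        }
        found_unencrypted = true;
    }
    if found_unencrypted { PemKeyKind::Unencrypted } else { PemKeyKind::NotFound }
}

/// Verdict for a key file on disk, meant to run before `Identity::load_pemfiles`.
pub fn check_key_file(path: &Path) -> Result<(), String> {
    let pem = fs::read_to_string(path).map_err(|e| format!("{}: {e}", path.display()))?;
    match classify_pem_key(&pem) {
        PemKeyKind::Unencrypted => Ok(()),
        PemKeyKind::Encrypted => Err(format!(
            "{}: private key is passphrase-protected; regenerate it with `openssl req ... -nodes` \
             or decrypt it with `openssl pkey -in key.pem -out key-plain.pem` before loading",
            path.display()
        )),
        PemKeyKind::NotFound => Err(format!("{}: no private key block in file", path.display())),
    }
}

// Constructed sample PEM texts: the base64 bodies are placeholders, not real keys.
pub const SAMPLE_PKCS8_PLAIN: &str =
    "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBg\n-----END PRIVATE KEY-----\n";
pub const SAMPLE_PKCS8_ENCRYPTED: &str =
    "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIJrTBXBgkqhk\n-----END ENCRYPTED PRIVATE KEY-----\n";
pub const SAMPLE_LEGACY_ENCRYPTED: &str = "-----BEGIN RSA PRIVATE KEY-----\n\
    Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n\n\
    MIIEowIBAAKCAQ\n-----END RSA PRIVATE KEY-----\n";
pub const SAMPLE_CERT_ONLY: &str =
    "-----BEGIN CERTIFICATE-----\nMIIDazCCAlOgAw\n-----END CERTIFICATE-----\n";

fn main() {
    // Usage: cargo run -- /home/my_username/cert/key.pem
    let path = std::env::args().nth(1).expect("usage: <key.pem>");
    match check_key_file(Path::new(&path)) {
        Ok(()) => println!("{path}: plaintext private key, loadable"),
        Err(e) => eprintln!("{e}"),
    }
}
```

Running the check on the key.pem from the first comment would report the encrypted case, while a missing file still surfaces the underlying I/O error, which mirrors the PemLoadError::FileError versus PrivateKeyNotFound split described above.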

BiagioFesta commented 3 months ago

I am going to open a PR and close this issue trying to slightly improve the naming :)

Thank you for your feedback