Why private key password is required?

abhishek-ram / django-pyas2

AS2 file transfer Server built on Python and Django.

https://django-pyas2.readthedocs.io

GNU General Public License v3.0

83 stars 31 forks source link

Why private key password is required? #76

Open rsoltys opened 2 years ago

rsoltys commented 2 years ago

I've tried to add private key without password and I got 500:

File "/src/django-pyas2/pyas2/forms.py", line 98, in clean
    cleaned_data["key_file"], cleaned_data["key_pass"]

Exception Type: KeyError at /en/admin/pyas2/privatekey/add/
Exception Value: 'key_pass'

Could the key_pass be optional?

Thanks!

abhishek-ram commented 2 years ago

It is not optional, I guess I need to raise validation error here.

rsoltys commented 2 years ago

@abhishek-ram thanks for reply. I have no private key password in my use case. Could you please explain to me, why the key_pass has to be required?

abhishek-ram commented 2 years ago

For security reasons a password needs to be set for a private key. You should be able to add it like so https://security.stackexchange.com/questions/59136/can-i-add-a-password-to-an-existing-private-key

adiroiban commented 1 year ago

For anyone that has a private key without a password and wants to import it, you can conver the key+kert to a p12 file, set a password and import it :)


openssl pkcs12 -export -in certificate.pem -inkey private.key -out pyas2-friendly.p12 -name "To import cert"
``