Cannot read public key. OID is not RSA.

[morozovdmytro]

Running OS

Mac OS

Running Node Version

node v16

Description

Getting error when passing the [Nest] 58150 - 09/01/2023, 23:32:16 ERROR [ExceptionsHandler] Cannot read public key. OID is not RSA. Error: Cannot read public key. OID is not RSA. at Object.pki.certificateFromAsn1 (/Users/dmytromorozov/Documents/GitHub/p-giftcards/p-giftcards/node_modules/node-forge/lib/x509.js:1316:11) at Object.pki.certificateFromPem (/Users/dmytromorozov/Documents/GitHub/p-giftcards/p-giftcards/node_modules/node-forge/lib/x509.js:822:14) at parseCertificates (/Users/dmytromorozov/Documents/GitHub/p-giftcards/p-giftcards/node_modules/passkit-generator/lib/Signature.js:90:40) at Object.create (/Users/dmytromorozov/Documents/GitHub/p-giftcards/p-giftcards/node_modules/passkit-generator/lib/Signature.js:30:45) at PKPass.[pass.close] (/Users/dmytromorozov/Documents/GitHub/p-giftcards/p-giftcards/node_modules/passkit-generator/lib/PKPass.js:474:43) at PKPass.getAsBuffer (/Users/dmytromorozov/Documents/GitHub/p-giftcards/p-giftcards/node_modules/passkit-generator/lib/PKPass.js:489:42)

while running

public async generatePassAsync<TPayload>(modelPath: string, payload: TPayload): Promise<Buffer> {
        const { wwdr, signerCert, signerKey, signerKeyPassphrase } = await this.getCertificatesAsync();
        const pass = await PKPass.from({
            model: modelPath,
            certificates: {
                wwdr,
                signerCert,
                signerKey,
                signerKeyPassphrase
            },
        }, payload);
        return pass.getAsBuffer();
    }

    // TODO: optimize and add caching of files
    protected async getCertificatesAsync(): Promise<{signerCert: string, signerKey: string, wwdr: string, signerKeyPassphrase: string}> {
        const [signerCert, signerKey, wwdr, signerKeyPassphrase] =

        await Promise.all([
            fs.readFile(
                this.config.signerCertPath,
                {encoding: "utf-8"},
            ),
            fs.readFile(
                this.config.signerKeyPath,
                {encoding: "utf-8"},
            ),
            fs.readFile(
                this.config.wwdrCertPath,
                {encoding: "utf-8"},
            ),
            Promise.resolve(this.config.signerKeyPassphrase),
        ]);

        return {
            signerCert,
            signerKey,
            wwdr,
            signerKeyPassphrase
        };
    }

Checked the content read from files and it is legit. Also was able to read pem files using openssl commands.

Any idea what could go wrong is very much appreciated!

[alexandercerutti]

Hey there, @morozovdmytro! Thanks for using passkit-generator!

I've no idea what is happening, but I will do my best to help you.

I was looking around and I found this issue on node-forge, which might be very similar to what you are trying to do with the certificates (reading with utf-8 encoding). Sadly the issue is still open and had no reply, so not very sure what is the issue there.

Here, on StackOverflow, someone is saying that the issue might be due to: That certificate contains an ECC (elliptic-curve) key.

Now two things:

1) The answer is two years old, so I don't know if that is still valid for the node-forge version passkit-generator ships with. 2) How did you generate your public key? Did you follow the steps in wiki?

Let me know :)

[morozovdmytro]

Hi Alexander!

Thanks for quick response. Yeah, I’ve also seen that thread on node-forge and didn’t catch if I should try any other encoding. Public key was generated exactly how described in wiki.

On Mon, 9 Jan 2023 at 23:53, Alexander Cerutti @.***> wrote:

Hey there, @morozovdmytro https://github.com/morozovdmytro! Thanks for using passkit-generator!

I've no idea what is happening, but I will do my best to help you.

I was looking around and I found this issue on node-forge https://github.com/digitalbazaar/forge/issues/701, which might be very similar to what you are trying to do with the certificates (reading with utf-8 encoding). Sadly the issue is still open and had no reply, so not very sure what is the issue there.

Here, on StackOverflow https://stackoverflow.com/questions/65014775/node-forge-error-cannot-read-public-key-oid-is-not-rsa-when-loading-ssl-cer, someone is saying that the issue might be due to: That certificate contains an ECC (elliptic-curve) key.

Now two things:

1. The answer is two years old, so I don't know if that is still valid
2. How did you generate your public key? Did you follow the steps in wiki?

Let me know :)

— Reply to this email directly, view it on GitHub https://github.com/alexandercerutti/passkit-generator/issues/123#issuecomment-1376446614, or unsubscribe https://github.com/notifications/unsubscribe-auth/ATDBXVFGEKL2LWTA2ZP2GZTWRSJGNANCNFSM6AAAAAATV6VU6M . You are receiving this because you were mentioned.Message ID: @.***>

[alexandercerutti]

@morozovdmytro I am guessing you tried with the Apple Keychain Access procedure, am I right? If so, can you try to generate them through the terminal steps (or vice versa)?

Which version of macOS are you using? Maybe something changed and we don't know it yet.

What happens if you remove the encoding at all?

[alexandercerutti]

Hey there @morozovdmytro, have you been able to solve it?

[alexandercerutti]

Closing this for inactivity. If you'll need help again, feel free to open it again. 😉

[mortenbekditlevsen]

Hi @alexandercerutti , Just for others, who like myself apparently can't follow instructions :-) When I accidentally downloaded WWDR G6 instead of G4 I got this error. Just using G4 fixed the issue for me.

[FaysalBsata]

@mortenbekditlevsen I had exactly the same issue, and this just solved it, thank you