Closed felipenazario closed 1 month ago
This collection does not aim to be 100% compatible with OpenSSL (the name prefix openssl_ for the module name is mainly legacy), so this is definitely not a bug.
Also the cipher is only used when a passphrase is specified (it's the cipher used to encrypt the key with the given passphrase). So cipher and passphrase are very dependent on each other.
Since we dropped the PyOpenSSL backend the only valid value for cipher is auto, so I guess we can give cipher a default value so there's no more need to specify it. That would be an enhancement.
(Actually with cryptography 38.0.0 it is possible to configure this a bit: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#cryptography.hazmat.primitives.serialization.PrivateFormat.encryption_builder - the only option of the returned builder that seems to affect regular private keys is kdf_rounds though. So it doesn't make sense yet to add more options to cipher, or create new options for that.)
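An added illustration of the comment above (not code from community.crypto or from this thread): with the Python cryptography library, whether a serialized private key is encrypted follows directly from whether a passphrase is supplied, and the library picks the encryption scheme itself. The function names serialize_key, is_encrypted and demo are hypothetical, the passphrase is a constructed sample, and the correspondence to cipher: auto is an assumption.

```python
# Added illustration; not the collection's own implementation.
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec


def serialize_key(key, passphrase=None):
    """Return the key as PKCS#8 PEM, encrypted only if a passphrase is given.

    Assumption: this is what cipher=auto amounts to with the cryptography
    backend, i.e. the caller supplies a passphrase and the library chooses
    the encryption scheme.
    """
    if passphrase:
        encryption = serialization.BestAvailableEncryption(passphrase.encode())
    else:
        encryption = serialization.NoEncryption()
    return key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=encryption,
    )


def is_encrypted(pem):
    """Report whether loading this PEM private key requires a passphrase."""
    try:
        serialization.load_pem_private_key(pem, password=None)
        return False
    except TypeError:
        # Raised when the key is encrypted but no password was supplied.
        return True


def demo():
    """Serialize one freshly generated key both ways (constructed sample data)."""
    key = ec.generate_private_key(ec.SECP256R1())
    plain = serialize_key(key)
    protected = serialize_key(key, passphrase="constructed-example-passphrase")
    return plain, protected


if __name__ == "__main__":
    plain, protected = demo()
    print(plain.splitlines()[0].decode(), is_encrypted(plain))
    print(protected.splitlines()[0].decode(), is_encrypted(protected))
```

A check like is_encrypted is useful when auditing key files on disk, since an unencrypted key left where an encrypted one was expected is only visible from the PEM header or a load attempt.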
SUMMARY
openssl allows us to generate a private key, using encrypted keys or not. But the following module does not allow us the same support.
ISSUE TYPE
COMPONENT NAME
community.crypto.openssl_privatekey
ANSIBLE VERSION
COLLECTION VERSION
CONFIGURATION
OS / ENVIRONMENT
NAME="openSUSE Leap"
VERSION="15.3"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.3"
PRETTY_NAME="openSUSE Leap 15.3"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.3"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
STEPS TO REPRODUCE
I always generated the private key in bash.
However, I'm having difficulty converting this to a task, as we apparently don't have the equivalent.
EXPECTED RESULTS
Notice that in the task I am specifying the passphrase field, but also omitting the cipher field to be 100% equivalent to openssl. Unfortunately, there is a bond between these fields.
ACTUAL RESULTS
Notice that in the task I must omit the passphrase field because it works together with the cipher, even though this dependency does not exist in the equivalent openssl command.
Am I doing something wrong in the task, or is the task just like that? Is it possible to revoke this dependency between the passphrase and cipher attributes?