ehealthtech / box-appauth

Node bindings to the Box Content API using the new AppAuth JWT auth system

Bad password read on PEM key #1

Closed simonprev closed 8 years ago

simonprev commented 8 years ago

Hi, first of all, thank you for this library, I’m sure it will save me a lot of time in the near future :smile:

I’ve been trying to implement the box-appauth lib in my app and after creating my Box app and the proper public/private keys, the authentication raises an error on a missing passphrase. When I created the key using Box documentation, I was asked to add a passphrase (obligatory) on the key. But when the credentials are passed to the crypto lib, I think there is no option to use a passphrase.

This is the stacktrace of the error

```
crypto.js:279
  var ret = this._handle.sign(toBuf(key), null, passphrase);
                         ^

Error: error:0906A068:PEM routines:PEM_do_header:bad password read
    at Error (native)
    at Sign.sign (crypto.js:279:26)
    at Object.sign (/Users/simonprev/Code/gcm-badger/dist/server.js:107705:48)
    at Object.jwsSign [as sign] (/Users/simonprev/Code/gcm-badger/dist/server.js:107499:27)
    at Object.JWT.sign (/Users/simonprev/Code/gcm-badger/dist/server.js:107317:17)
    at Backoff.<anonymous> (/Users/simonprev/Code/gcm-badger/dist/server.js:107068:42)
    at emitTwo (events.js:87:13)
    at Backoff.emit (events.js:172:7)
    at Backoff.onBackoff_ (/Users/simonprev/Code/gcm-badger/dist/server.js:112737:11)
    at Timer.listOnTimeout (timers.js:92:15)
```

sandro-pasquali commented 8 years ago

Hi Simon,

This is somewhat out of the scope of this library, which leaves it to you to handle your keys.

However, you can remove passphrases from your RSA keys. A Google search should return many links on how to do this. This is not unusual, as it is tricky in an automated server environment to have a passphrase on keys.

Hope this helps

simonprev commented 8 years ago

Alright, thanks for the quick response