Error: error:0906A068:PEM routines:PEM_do_header:bad password read

[mandeepm91]

I am facing this error while trying to authenticate. Here is my credentials file

var fs = require('fs');
var path = require('path');

module.exports.box_credentials = {
    publicKey: fs.readFileSync(path.resolve('./config/box_keys/public_key.pem')),
    privateKey: fs.readFileSync(path.resolve('./config/box_keys/private_key.pem')),
    algorithm: 'RS256',
    issuer: '<client_id>',
    subject: 'etsy',
    subjectType: 'user',
    clientId: '<client_id>',
    clientSecret: '<client_secret>',
    publicKeyId: '<public_key_id>',
    callRetryMax: 3,
    minutesUntilTokenRefresh: 10    
};

And I am using these credentials in this file

var appAuth = require('box-appauth');
var credentials = require("./credentials");

module.exports = {
  test: test
}

function test(){
    console.log(credentials);
  appAuth(credentials)
  .then(function(api) {
    console.log(api)
  })
  .catch(function(err) {
    console.log("** Unable to authenticate **", err);
  })  
}

I get the following error:

Error: box-appauth did not receive #issuer

[jcramer]

got the same issue. Were you ever to move past this?

[mandeepm91]

not really. will revisit this in a few weeks though

[aaronbalthaser]

It seems like this SDK does not support PEM passphrase. I used an npm package called json web token ( https://github.com/auth0/node-jsonwebtoken ) that offers the ability to pass in a password as seen below, although it is not found in their documentation. I found it in a thread: ( https://github.com/auth0/node-jsonwebtoken/issues/93 )

var key = { key: fs.readFileSync('./rsa/private_key.pem', 'utf8'), passphrase: 'whatever' };

var boxtoken = jwt.sign(claims, key, options);

I also tried to use an self signed key and was able to at least get the api call to go out but I was not able to add the self signed key to the box app as it complained it was malformed.

Might actually be better off writing the code yourself. Seems like this project has little activity. I was thinking of dissecting the code in the jsonwebtoken package to see how it implements the passphrase and maybe adding it to the SDK for myself.

[aaronbalthaser]

Ok, so I have fixed the issue with the PEM passphrase. Now I am getting the api call to go through, however now I am getting an error returned [Error: Unable to get token after 10 tries]. Do any of you know what would cause that?

[aaronbalthaser]

Also the way I was able to get the token generated was by adding the following code before line 160 on factory.js:

var key = { key: privateKey, passphrase: 'whatever' };

It would be easier to add a more intelligent fix if I knew what crypto.js was actually doing with this passphrase. I cannot seem to find this file anywhere.

As far as I can tell jwt module passes this object to jwa which ultimately passes it to a crypto.createSign module using a method called sign(privateKey, 'base64'). I cannot find the actual file for crypto.js, so I do not know what it is actually doing with the password. If anyone can help me understand where this file is I would be happy to come up with a fix for this.

[Syed-Shahzaib-Hussain]

Use this code to generate pem files.

openssl genrsa -out server-key.pem 1024
openssl req -new -key server-key.pem -out server-csr.pem
openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem