search

smallstep / certificates

🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
https://smallstep.com/certificates
Apache License 2.0
6.73k stars 440 forks source link

[Bug]: failed to decrypt JWK #1603

Open BoxedBrain opened 1 year ago

BoxedBrain commented 1 year ago

Steps to Reproduce

When trying to create a certificate, I need to enter the password. This was generated before by step-ca and looks like this: OF'Wix)Z_Y1"Z'G[OL|vB9<X<doibdTz

Your Environment

Expected Behavior

Generated password should work

Actual Behavior

C:\dev\test>step ca certificate localhost srv.crt srv.key --provisioner=removed
✔ Provisioner: removed (JWK) [kid: ...removed...]
✔ Please enter the password to decrypt the provisioner key:
✔ Please enter the password to decrypt the provisioner key:
✔ Please enter the password to decrypt the provisioner key: █
failed to decrypt JWK: invalid password

Additional Context

Manually creating a 'simple' password e.g.: test123 works as expected.

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

hslatman commented 1 year ago

@BoxedBrain does the password work if you provide it using a file or while escaping it on the command line? I suspect some character is problematic while providing it interactively.

BoxedBrain commented 1 year ago

@hslatman yes, providing it using --provisioner-password-file=pw.txt works as expected. Also, I had the same problem with different generated passwords.