Closed xalvarez closed 11 months ago
Hi @xalvarez,
I couldn't reproduce the issue. The following worked for me:
...:~# java --version
openjdk 11.0.19 2023-04-18
OpenJDK Runtime Environment (build 11.0.19+7-post-Ubuntu-0ubuntu118.04.1)
OpenJDK 64-Bit Server VM (build 11.0.19+7-post-Ubuntu-0ubuntu118.04.1, mixed mode, sharing)
...:~# curl -sS https://storage.googleapis.com/tinkey/tinkey-1.10.0.tar.gz -o tinkey.tar.gz
...:~# tar -zxvf tinkey.tar.gz
tinkey_deploy.jar
tinkey
tinkey.bat
...:~# KEYSET="$(./tinkey create-keyset --key-template=AES256_GCM)"
...:~# echo "${KEYSET}"
{"primaryKeyId":3717731505,"key":[{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiBnypnRPZyoyMVhUcC91BNht/+WuyLog5xgfZxR6TTe7Q==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":3717731505,"outputPrefixType":"TINK"}]}
...:~# KEYSET="$(echo "${KEYSET}" | ./tinkey add-key --key-template=AES256_GCM)"
...:~# echo "${KEYSET}"
{"primaryKeyId":3717731505,"key":[{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiBnypnRPZyoyMVhUcC91BNht/+WuyLog5xgfZxR6TTe7Q==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":3717731505,"outputPrefixType":"TINK"},{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiBCG5gnbg5u40Xdv1gU4RGHZbJTJ9mV1zNBesWL2GITaA==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":1417504640,"outputPrefixType":"TINK"}]}
...:~# echo "${KEYSET}" | ./tinkey promote-key --key-id 1417504640
{"primaryKeyId":1417504640,"key":[{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiBnypnRPZyoyMVhUcC91BNht/+WuyLog5xgfZxR6TTe7Q==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":3717731505,"outputPrefixType":"TINK"},{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiBCG5gnbg5u40Xdv1gU4RGHZbJTJ9mV1zNBesWL2GITaA==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":1417504640,"outputPrefixType":"TINK"}]}
Can you please provide a repro that I can copy-paste?
Hi @morambro,
In my case I'm using JDK 17, not sure if that's relevant:
# java --version
openjdk version "17.0.8.1" 2023-08-24
OpenJDK Runtime Environment Temurin-17.0.8.1+1 (build 17.0.8.1+1)
OpenJDK 64-Bit Server VM Temurin-17.0.8.1+1 (build 17.0.8.1+1, mixed mode, sharing)
I can't always reproduce the issue. I executed the same commands you did three times in a row. The first two times everything worked, the third time it didn't:
# KEYSET="$(./tinkey create-keyset --key-template=AES256_GCM)"
# echo "${KEYSET}"
{"primaryKeyId":1373832914,"key":[{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiDEWSWfvditpOD4+Xi+hq8mqGY3mhwZReoSlaZgU0rvLA==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":1373832914,"outputPrefixType":"TINK"}]}
# KEYSET="$(echo "${KEYSET}" | ./tinkey add-key --key-template=AES256_GCM)"
# echo "${KEYSET}"
{"primaryKeyId":1373832914,"key":[{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiDEWSWfvditpOD4+Xi+hq8mqGY3mhwZReoSlaZgU0rvLA==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":1373832914,"outputPrefixType":"TINK"},{"keyData":{"typeUrl":"type.googleapis.com/google.crypto.tink.AesGcmKey","value":"GiCKDRRRHQSnD0N/aJE6hMKQub+W2A2agfGzel6bsvNGBQ==","keyMaterialType":"SYMMETRIC"},"status":"ENABLED","keyId":4052895615,"outputPrefixType":"TINK"}]}
# echo "${KEYSET}" | ./tinkey promote-key --key-id 4052895615
Argument wrong!
org.kohsuke.args4j.CmdLineException: "4052895615" is not a valid value for "--key-id"
I could reproduce the same issue you had in https://github.com/tink-crypto/tink-tinkey/issues/1#issuecomment-1772378627 with:
curl -sS https://storage.googleapis.com/tinkey/tinkey-1.10.0.tar.gz -o tinkey.tar.gz
tar -zxvf tinkey.tar.gz
cat <<'EOF' > test.sh
set -eou pipefail
for i in `seq 1 100`; do
KEYSET="$(./tinkey create-keyset --key-template=AES256_GCM)"
KEYSET="$(echo "${KEYSET}" | ./tinkey add-key --key-template=AES256_GCM)"
KEY_ID="$(echo "$KEYSET" | grep -Po 'keyId":[0-9]+' | tail -1 | cut -d: -f2)"
echo "${KEYSET}" | ./tinkey promote-key --key-id "${KEY_ID}"
done
EOF
bash test.sh
rm -rf test.sh
I got Argument wrong! org.kohsuke.args4j.CmdLineException: "4083652082" is not a valid value for "--key-id"
.
Couldn't reproduce this with v1.9.0. I'll take a deeper look into this.
Hi @xalvarez , the issue should be solved with https://github.com/tink-crypto/tink-tinkey/commit/8bd5e008d7f8c242ad7779ebdd745612d86e1402. Could you please try the latest snapshot?
Hi @morambro I couldn't reproduce the issue using the snapshot version :slightly_smiling_face: thank you!
Great, thanks! I will work on a patch release.
Describe the bug:
Commands that require a
--key-id
option rarely work on Tinkey 1.10.0.Given a key set including multiple keys, running commands with the option
--key-id
usually ends up with:This doesn't happen with Tinkey 1.9.0.
What was the expected behavior?
Since a valid key-id was provided, the command should have worked.
How can we reproduce the bug?
Using bash:
Generate a new key-set:
Add a new key to the key-set:
Promote the new key:
Output:
What version of Tinkey are you using?
1.10.0
Can you tell us more about your development environment?
I'm using this Tinkey version: https://storage.googleapis.com/tinkey/tinkey-1.10.0.tar.gz I'm running it on Ubuntu 22.04
Is there anything else you'd like to add?
I couldn't reproduce this error with Tinkey 1.9.0