Bug 1571200 - Decryption of http with jwk+json is broken
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: clevis
Version: 27
Assignee: Nathaniel McCallum
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-04-24 09:45 UTC by Marius Vollmer
Modified: 2018-08-27 20:16 UTC (History)

Last Closed: 2018-08-27 20:16:27 UTC
Type: Bug



Description Marius Vollmer 2018-04-24 09:45:25 UTC
clevis-8-1.fc27.x86_64

$ echo foo | clevis encrypt http '{ "url": "http://192.168.100.1:8888", "http": true, "type": "jwk+json" }' | clevis decrypt
Invalid key!
Usage: jose jwe dec -i JWE [-I CT] -k JWK [-p] [-O PT]

Decrypts a JWE using the supplied JWKs and outputs plaintext

  -i JSON --input=JSON     Parse JWE from JSON
  -i FILE --input=FILE     Read JWE from FILE
  -i -    --input=-        Read JWE from standard input

  -I FILE --detached=FILE  Read decoded ciphertext from FILE
  -I -    --detached=-     Read decoded ciphertext from standard input

  -p      --password       Prompt for a decryption password, if necessary

  -k FILE --key=FILE       Read JWK(Set) from FILE
  -k -    --key=-          Read JWK(Set) from standard input

  -O JSON --detach=JSON    Parse JWE from JSON
  -O FILE --detach=FILE    Read JWE from FILE
  -O -    --detach=-       Read JWE from standard input
                           Default: "-"

"octet-stream" works fine:

$ echo foo | clevis encrypt http '{ "url": "http://192.168.100.1:8888", "http": true, "type": "octet-stream" }' | clevis decrypt
foo

Hopefully fixed by https://github.com/latchset/clevis/pull/47

Comment 1 Nathaniel McCallum 2018-08-27 20:16:27 UTC
We have removed this pin upstream.
