Bug 599689 - myproxy-store does not like pkcs8-encoded private keys
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: myproxy
Version: 14
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Steve Traylen
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Reported: 2010-06-03 14:42 EDT by Lev Shamardin
Modified: 2010-09-11 05:04 EDT (History)
Fixed In Version: myproxy-5.2-1.fc13
Doc Type: Bug Fix
Last Closed: 2010-08-27 17:12:28 EDT

Description Lev Shamardin 2010-06-03 14:42:49 EDT
Description of problem:
myproxy-store does not work with pkcs8-encoded private keys, while openssl and related libraries work with them just fine.

Version-Release number of selected component (if applicable):
myproxy-client-5.1-1.fc12.i686
myproxy-5.1-1.fc12.i686

How reproducible:
Always

Steps to Reproduce:
1. Export your certificate and key to pkcs12 format. (Or generate them in a browser or other application which does only pkcs12 export). You can use openssl:

openssl pkcs12 -export -in yourcert.pem -inkey yourkey.pem -out yourpair.p12

2. Extract the keys back to PEM from the p12 container:

openssl pkcs12 -in yourpair.p12 -out extracted.pem

3. Split the extracted.pem to $HOME/.globus/usercert.pem and $HOME/.globus/userkey.pem. You will have a private key with this start line:
-----BEGIN ENCRYPTED PRIVATE KEY-----

4. Check that grid-proxy-init (from globus-proxy-utils-3.7-1.fc12.i686) and voms-proxy-init (from voms-clients-1.9.16.1-2.fc12.i686) work perfectly.

5. Check that even myproxy-init works correctly.

6. Now run myproxy-store. Observe this error message:

/home/shamardin/.globus/userkey.pem doesn't contain '-----BEGIN RSA PRIVATE KEY-----' nor '-----BEGIN PRIVATE KEY-----'.
makecertfile failed

  
Actual results:
myproxy-store does not work

Expected results:
working myproxy-store.

Additional info:
You could just run 

openssl pkcs8 -in userkey.pem -topk8 -out newuserkey.pem

instead of steps 1-3, but I provided them to illustrate how I have encountered this bug.
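
The error in step 6 comes from accepting only two BEGIN labels. The sketch below is an added example, not MyProxy's code and not part of the original report: it classifies the first private-key block in a PEM buffer and goes beyond the two labels in the error message to cover the PKCS#8 and traditional labels, encrypted or not. The names classify_pem_key and key_kind are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Private-key PEM encodings, told apart by BEGIN label (RFC 7468 plus
 * OpenSSL's traditional per-algorithm labels). */
enum key_kind { KEY_NONE, KEY_PKCS8_PLAIN, KEY_PKCS8_ENCRYPTED,
                KEY_TRADITIONAL, KEY_TRADITIONAL_ENCRYPTED };

/* Hypothetical helper (not MyProxy code): classify the first key block. */
enum key_kind classify_pem_key(const char *pem)
{
    static const char *trad[] = { "RSA", "EC", "DSA" };
    const char *p = pem;
    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + 11;          /* text after "-----BEGIN " */
        int at_line_start = (p == pem || p[-1] == '\n');
        p = label;
        if (!at_line_start)
            continue;                        /* boundary must start a line */
        if (strncmp(label, "PRIVATE KEY-----", 16) == 0)
            return KEY_PKCS8_PLAIN;
        if (strncmp(label, "ENCRYPTED PRIVATE KEY-----", 26) == 0)
            return KEY_PKCS8_ENCRYPTED;
        for (size_t i = 0; i < sizeof trad / sizeof trad[0]; i++) {
            size_t n = strlen(trad[i]);
            if (strncmp(label, trad[i], n) != 0 ||
                strncmp(label + n, " PRIVATE KEY-----", 17) != 0)
                continue;
            /* Traditional keys flag encryption on the line after BEGIN. */
            const char *eol = strchr(label, '\n');
            if (eol && strncmp(eol + 1, "Proc-Type: 4,ENCRYPTED", 22) == 0)
                return KEY_TRADITIONAL_ENCRYPTED;
            return KEY_TRADITIONAL;
        }
    }
    return KEY_NONE;
}

int main(void)
{
    /* Constructed sample shaped like extracted.pem; bodies are placeholders. */
    const char *sample =
        "Bag Attributes\n-----BEGIN CERTIFICATE-----\nAAAA\n"
        "-----END CERTIFICATE-----\nBag Attributes\n"
        "-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
        "-----END ENCRYPTED PRIVATE KEY-----\n";
    printf("kind=%d\n", classify_pem_key(sample));
    return 0;
}
```
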
Comment 1 Jim Basney 2010-06-03 19:50:28 EDT
Upstream bug opened:
http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7033
Comment 2 Fedora Update System 2010-07-23 03:33:32 EDT
myproxy-5.2-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/myproxy-5.2-1.el5
Comment 3 Fedora Update System 2010-07-29 21:06:35 EDT
myproxy-5.2-1.el5 has been pushed to the Fedora EPEL 5 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update myproxy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/myproxy-5.2-1.el5
Comment 4 Bug Zapper 2010-07-30 07:48:29 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 14 development cycle.
Changing version to '14'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 5 Fedora Update System 2010-08-10 13:34:13 EDT
myproxy-5.2-1.el4 has been submitted as an update for Fedora EPEL 4.
http://admin.fedoraproject.org/updates/myproxy-5.2-1.el4
Comment 6 Fedora Update System 2010-08-12 13:54:23 EDT
myproxy-5.2-1.el4 has been pushed to the Fedora EPEL 4 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update myproxy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/myproxy-5.2-1.el4
Comment 7 Fedora Update System 2010-08-17 14:55:06 EDT
myproxy-5.2-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Lev Shamardin 2010-08-23 03:43:03 EDT
Could you please update the F12 package as well? I could co-maintain MyProxy packages if you wish.
Comment 9 Fedora Update System 2010-08-23 07:05:24 EDT
myproxy-5.2-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/myproxy-5.2-1.fc12
Comment 10 Fedora Update System 2010-08-23 18:03:19 EDT
myproxy-5.2-1.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update myproxy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/myproxy-5.2-1.fc12
Comment 11 Fedora Update System 2010-08-27 17:12:19 EDT
myproxy-5.2-1.el4 has been pushed to the Fedora EPEL 4 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2010-08-31 23:28:59 EDT
myproxy-5.2-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2010-09-01 15:13:43 EDT
myproxy-5.2-1.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/myproxy-5.2-1.fc13
Comment 14 Fedora Update System 2010-09-11 05:04:48 EDT
myproxy-5.2-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
