Description of problem:
genkey does not escape password characters when it calls keyutil. For instance, if I create a key with password "ABC&DEF", I'll get the following:

# genkey cloud.atgreen.org
/usr/bin/keyutil -c makecert -g 2048 -s "CN=box.example.com, O=My Home Data Center, L=Toronto, ST=Ontario, C=CA" -v 1 -a -z /etc/pki/tls/.rand.4698 -e ABC&DEF -o /etc/pki/tls/certs/cloud.atgreen.org.crt -k /etc/pki/tls/private/cloud.atgreen.org.key
sh: DEF: command not found

genkey should have escaped the & when creating that keyutil command option.

Version-Release number of selected component (if applicable):
crypto-utils-2.4.1-39.fc19.x86_64

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

Version-Release number of selected component (if applicable):
crypto-utils-2.4.1-24.2.el6.x86_64

I had a similar problem on RHEL 6.4 x86_64 where a passphrase with spaces would be accepted by genkey, but then cause failure where the same passphrase could not be used to decrypt the key.

Running genkey with "genkey --test" or directly calling /usr/bin/keyutil does not provide an error message when providing a passphrase containing spaces. Running genkey without the "--test" flag does provide an error message, but about certificate creation failure, not about the passphrase.

It seems that genkey passes the passphrase to /usr/bin/keyutil unquoted. Surrounding the passphrase in quotes in the call to /usr/bin/keyutil seems to solve the problem.

Fails:
/usr/bin/keyutil -c genreq -g 512 -s "CN=test, OU=testou, O=testo, L=testl, ST=testst, C=US" -v 24 -a -o /etc/pki/tls/certs/two.words.0.csr -k /etc/pki/tls/private/two.words.key -e two words

Works:
/usr/bin/keyutil -c genreq -g 512 -s "CN=test, OU=testou, O=testo, L=testl, ST=testst, C=US" -v 24 -a -o /etc/pki/tls/certs/two.words.0.csr -k /etc/pki/tls/private/two.words.key -e "two words"

I have a more detailed write-up of tests if it is needed. If necessary, I can also file this as a separate bug, but it seemed that the original description here about non-escaped passphrase characters and the problem I encountered were similar enough to merit mentioning here first.

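The behaviour reported in the two comments above, as an added example that is not part of the bug report and is not crypto-utils code: it shows what value a program receives for -e when the passphrase is pasted into a command string unquoted, single-quoted, or passed as its own argv element. `stub` is a constructed stand-in for keyutil, and the function names and the file names key.pem and out.csr are assumptions.

```shell
#!/bin/sh
# Added illustration; not genkey's code. `stub` is a constructed stand-in for
# keyutil: it prints the value it received for -e and nothing else.
STUB_DEF='stub() { while [ $# -gt 1 ]; do
  if [ "$1" = "-e" ]; then printf "%s" "$2"; return 0; fi; shift; done; }'

# Hand a finished command *string* to a shell, which parses it a second time.
# stderr is dropped so "DEF: not found" does not clutter the comparison.
run_string() {
    sh -c "$STUB_DEF; $1" 2>/dev/null || :
}

# Reported behaviour: the passphrase is pasted into the string as-is, so the
# shell treats '&', spaces and other metacharacters as syntax.
seen_unquoted() {
    run_string "stub -k key.pem -e $1 -o out.csr"
}

# Wrap a value in single quotes, rewriting each embedded ' as '\'' so the
# shell hands it back byte-for-byte as one word.
shell_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Mitigation 1: quote the passphrase before building the command string.
seen_quoted() {
    run_string "stub -k key.pem -e $(shell_quote "$1") -o out.csr"
}

# Mitigation 2: never put the passphrase in a string the shell parses; pass
# it as a separate argument (the equivalent of an exec with an argument list).
seen_argv() {
    sh -c "$STUB_DEF"'; stub "$@"' sh -k key.pem -e "$1" -o out.csr
}

# Constructed sample passphrases taken from the two reports above.
for p in 'ABC&DEF' 'two words'; do
    printf '%-10s unquoted=[%s] quoted=[%s] argv=[%s]\n' \
        "$p" "$(seen_unquoted "$p")" "$(seen_quoted "$p")" "$(seen_argv "$p")"
done
```

In the unquoted case the program is handed only the text before the first metacharacter, so the key ends up protected by a different passphrase than the one typed.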
Commit: http://pkgs.fedoraproject.org/gitweb/?p=crypto-utils.git;a=commitdiff;h=3c5bc63a88f5d1ff334cf3509a6613a7b58eaf2c Package: crypto-utils-2.4.1-47.fc21 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=494035
Commit: http://pkgs.fedoraproject.org/gitweb/?p=crypto-utils.git;a=commitdiff;h=3c5bc63a88f5d1ff334cf3509a6613a7b58eaf2c Package: crypto-utils-2.4.1-47.fc20 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=494042
crypto-utils-2.4.1-48.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/FEDORA-2014-1362/crypto-utils-2.4.1-48.fc20
crypto-utils-2.4.1-48.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/crypto-utils-2.4.1-48.fc19
crypto-utils-2.4.1-48.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
crypto-utils-2.4.1-48.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Fixed in updates.