How to use GnuPG to sign with private key having an empty passphrase? - rsa

I used GnuPG to create an RSA key pair xxx@xxx.com. When I created it, I set an empty passphrase.
$ gpg --gen-key
When generating the key pair, it prompts: "You need a passphrase to...", where I pressed Enter twice, and it can successfully list the public key and secret key:
$ gpg --list-keys
Now I want to sign yyy@yyy.com with xxx@xxx.com's private key.
I have tried to only press enter, but it did not work and raises an error instead:
Invalid passphrase: please try again
Please enter the passphrase to unlock the secret key.
How to bypass the error?

Related

Why can't I push my files to GitHub? It shows that I don't have the correct access rights or the repo doesn't exist. How can I resolve this?

I am trying to set up my local computer to be able to send files up to GitHub, but for some reason I am facing several issues while doing so.
So this is what it shows on cmd.
And this is what it shows on the GitHub page.
As you can notice, it shows I made the last change a week ago, so obviously my commits weren't pushed to the main branch.
Please help me figure out what the problem is here.
The name of my repo on GitHub is MyWebsite and the local folder is mywebsite. Perhaps that is causing the issue? I have also generated an SSH key, if that's a matter of concern.
Thanks.
I will go through step by step what you need to do:
1. Checking for existing SSH keys
Before you generate an SSH key, you should check if you already have an existing SSH key. You can easily check for existing SSH keys by using Git Bash and entering the following command, which lists the files in the .ssh directory, most often located at the following path: C:\Users\Jakobson\.ssh. For this example I used the path from my local machine.
The command for checking the files where SSH keys are stored after generation is:
ls -al ~/.ssh
By default, the filenames of the public keys are one of the following:
id_rsa.pub, id_ecdsa.pub, id_ed25519.pub.
If the .ssh directory doesn't have any existing files, you should generate a new SSH key, which is described in the next step.
2. Set up an SSH key
You can generate an SSH key by running the ssh-keygen procedure on your computer. You will need to remember where you have saved the generated public and private RSA key pair. The steps for generating a new SSH key are:
Open the Git bash.
Enter the following command by entering your GitHub email address:
ssh-keygen -t ed25519 -C "youremailaddress"
Note: If you are using a legacy system that doesn’t support the Ed25519 algorithm, use:
ssh-keygen -t rsa -b 4096 -C "youremailaddress"
This creates a new SSH key using the provided email as a label.
Next, Git Bash will ask you to enter the file destination where the SSH keys will be generated, like this:
> Enter a file in which to save the key (/c/Users/Jakobson/.ssh/id_ed25519):[Press enter]
If you press enter, it will be saved automatically in .ssh directory, or you can specify other destination path.
Then you will be asked to enter a passphrase. You can leave it empty.
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]
After this, ssh keys will be generated in your .ssh directory.
3. Adding Your SSH Key to the ssh-agent
You can start the ssh-agent in the background by typing in your Git Bash:
eval `ssh-agent -s`
And then you can add the private key file that you have generated by typing:
ssh-add ~/.ssh/id_rsa
4. Adding the SSH Key to Your GitHub
You need to copy the SSH public key to your GitHub.
Copy all content from the C:\Users\Your machine name\.ssh\id_rsa.pub file.
Go to https://github.com/settings/keys -> SSH and GPG keys and click on New SSH key. Name the SSH key optionally, and paste the content from your file. That is all.
If you want to add an SSH key to a specific repository on the remote server, go to your repository settings, then go to deploy keys and add the SSH key in the same way we did before. You can see that in this screenshot: https://i.imgur.com/lPDrFN5.png
Note: If you need to type your password when you try to push to the server again, type your fingerprint, which was generated after adding the SSH key on your profile/settings/keys. Its value is something like SHA256:rLiDkFpEz9FT3/9cNVu9NlL8BIxCS; you will find it in the SSH keys of your profile.
You can create a new token at: https://github.com/settings/tokens
Generate a new token (classic); and
then try to git clone a repo.
After inserting the login name you will be asked to enter the password. Use the generated token as the password.

Helm (go template) to generate an ssh key and display the public part

I can generate an ssh key with Sprig quite easily. But ideally I just need to put it in k8s secrets and display the public part to the user to import on the remote end.
https://play.golang.org/p/9oFBr9LD190
(for a full go example, but I don't get Go, just sprig in Helm.)
The Helm template alone just needs the template bit :
{{ genPrivateKey "rsa" }} to show the text of a key to go into secrets. But other than giving the user the command to query the key from the secret and run it through ssh-keygen :
kubectl get secret ... -o jsonpath=".data.ssh-key" | base64 -d | ssh-keygen -y -f/dev/stdin
is there a way to persuade Sprig to get the public part of the key? (Commands unchecked, but you get the idea.)

Use openssl in a github action

I want to release the artifact of a github action to a specific update repo, so that my software can use it to update itself. To verify the update in the local update process I want to sign this artifact. I chose to store the update itself and signature in separate files for now.
My github action would take the zipped artifact and should sign it with the given RSA4096 Private Key and should use SHA512 as a digest.
My github action for that looks as follows:
- name: Sign release
  run: |
    echo $PRIVATE_KEY > privatekey.pem
    openssl dgst -sha512 -sign privatekey.pem -out latest.sig latest.zip
  env:
    PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
This github action should take my private key from the repository's secrets, put it in an environment variable, and then put it in a local file so the following openssl command can take this private key to sign it. I went this way to hinder the private key itself being echo'ed to the log.
The private key value is as follows:
(This is of course not the actual private key but one I created solely for testing purposes until this github action works properly. This private key is only 1024 bits instead of the above mentioned 4096 bits. I will not use this private key afterwards anymore.)
-----BEGIN RSA PRIVATE KEY-----
[key body removed]
-----END RSA PRIVATE KEY-----
The problem is the following log output of the github action when executing this step:
unable to load key file
6196:error:0909006C:PEM routines:get_name:no start line:crypto\pem\pem_lib.c:745:Expecting: ANY PRIVATE KEY
Which means that whatever was echoed to the privatekey.pem is not the actual private key secret value, but something else. I couldn't get the content of the file printed in subsequent tests. Not with an echo or cat command or anything similar, so I have actually no knowledge of what is written to the file, which makes it impossible for me to get any deeper into my analysis.
Is anyone here able to deduce some helpful tips or a solution to this problem?
It's likely that part of your problem is the lack of quoting. When you don't quote a variable in shell, it is split on whitespace (space, tab, and newline), so what you're passing to echo is several different arguments which, instead of being separated by newlines, are separated by spaces via echo.
You'd probably want to write this (note the quotation marks around $PRIVATE_KEY):
- name: Sign release
  run: |
    echo "$PRIVATE_KEY" > privatekey.pem
    openssl dgst -sha512 -sign privatekey.pem -out latest.sig latest.zip
  env:
    PRIVATE_KEY: ${{ secrets.PRIVATE_KEY }}
In general, it's a good practice to place all variables in double quotes when using them unless you're certain that you want the shell to expand them.
Of course, all of this applies only if you're using a POSIX shell, which means that you need to be using Unix or bash on Windows, since the syntax you're using is POSIX shell syntax.
GitHub Actions, like most CI systems, tries to sanitize its output to prevent disclosing secrets that are accidentally printed to logs, which is why you were unable to print the value.
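The effect of the missing quotes described in the answer above, as an added example that is not part of the original post: it writes a constructed, non-secret PEM-shaped string both ways and checks what lands in the file. SAMPLE_KEY, the function names and the shape check are assumptions made for illustration, and printf stands in for the answer's echo.

```shell
#!/bin/sh
# Constructed sample: PEM-shaped text only, NOT real key material.
SAMPLE_KEY='-----BEGIN RSA PRIVATE KEY-----
AAAAconstructedSampleNotARealKeyAAAA
BBBBconstructedSampleNotARealKeyBBBB
-----END RSA PRIVATE KEY-----'

# Pattern from the question: the unquoted expansion is word-split, so echo
# receives several arguments and joins them with single spaces on one line.
write_unquoted() (
    umask 077
    echo $1 > "$2"
)

# Quoted form from the answer. printf is used instead of echo so a value that
# starts with "-" or contains backslashes is never reinterpreted.
write_quoted() (
    umask 077            # key file readable by its owner only
    printf '%s\n' "$1" > "$2"
)

# Simplified structural check (hypothetical helper, not OpenSSL's parser):
# the BEGIN and END markers must each sit on a line of their own.
pem_shape_ok() (
    [ "$(sed -n '1p' "$1")" = '-----BEGIN RSA PRIVATE KEY-----' ] &&
    [ "$(sed -n '$p' "$1")" = '-----END RSA PRIVATE KEY-----' ] &&
    [ "$(wc -l < "$1" | tr -d ' ')" -ge 3 ]
)

# Write the sample both ways and report "<name>=<line count>:<shape>".
demo() (
    dir=$(mktemp -d) || exit 1
    write_unquoted "$SAMPLE_KEY" "$dir/bad.pem"
    write_quoted "$SAMPLE_KEY" "$dir/good.pem"
    out=
    for f in bad good; do
        n=$(wc -l < "$dir/$f.pem" | tr -d ' ')
        if pem_shape_ok "$dir/$f.pem"; then s=ok; else s=broken; fi
        out="$out$f=$n:$s "
    done
    rm -rf "$dir"        # never leave key files behind on the runner
    echo "${out% }"
)

demo
```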

Mismatch key hash FBSDK

I am getting this error when trying to login with facebook.
The key hash does not match any stored key hashes.
I faced a similar error before, but usually when this error appears, Facebook itself will show the key hash and what I do is just copy the key hash and register it in my Facebook app. But the situation now is different because when I get the error above, I do not receive any key hash, so I have no idea how to re-generate the key hash.
What I know is, you cannot use the command to re-generate another key hash for the second time like in the following code below.
keytool -exportcert -alias YOUR_RELEASE_KEY_ALIAS -keystore YOUR_RELEASE_KEY_PATH | openssl sha1 -binary | openssl base64
For additional information, just in case this is related: the app was previously developed and the first key hash was generated from another device. I copied the project and used another laptop to do the debugging. Just a guess, maybe this is one of the reasons why the Facebook app isn't showing the mismatched key hash?
You can still generate the key hash with the command
keytool -exportcert -alias androiddebugkey -keystore "your-release-key-path" | "your-openssl-path" sha1 -binary |"your-openssl-path" base64
You may want to check this post How to create Android Facebook Key Hash?

Github: New SSH key

I have very little knowledge about SSH etc. I was trying to add new SSH key on Github. For this I followed this procedure:
On Terminal
work@Nirvair:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/work/.ssh/id_rsa):
Created directory '/home/work/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/work/.ssh/id_rsa.
Your public key has been saved in /home/work/.ssh/id_rsa.pub.
Then there was key fingerprint and key's randomart image.
On Browser
I opened:
Github >> Settings >> SSH and GPG keys >> New SSH key
It asked for Title and Key. I gave some title and then I copied my key id_rsa.pub there. It gave an error:
Key is invalid. It must begin with 'ssh-ed25519', 'ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'. Check that you're copying the public half of the key
I have no idea how to proceed further. Please tell me where I am wrong or direct me to a good tutorial.
OS details: Ubuntu 14.04.5
Thanks!
PS: I tried to read about "key fingerprint" and "key's randomart image" over the internet but everything went over my head
Are you sure you perfectly copied your public key?
Execute
cat /home/work/.ssh/id_rsa.pub
and copy everything to your clipboard.
You can also try with xclip:
xclip -sel clip < /home/work/.ssh/id_rsa.pub