How can I read an encrypted private key in an sftp producer? - apache-camel

I'm trying to upload a file to an SFTP server holding a public key. I have the private key in my project, which I generated through ssh-keygen with a passphrase set. I have tried this:
public void configure() throws Exception {
    var connection =
        sftpProperties
            .getSftpForEntity("target")
            .orElseThrow(SftpProperties.noSuchEntity("target"));
    // raw key bytes; the endpoint DSL's privateKey(...) takes a byte[]
    var privateKey = Files.readAllBytes(Path.of("src/main/resources/id_rsa"));
    from(
        file("test")
    )
    .to(
        sftp(connection.getConnectionString("/hello"))
            .username(connection.getUser())
            .privateKeyPassphrase("pass")
            .privateKey(privateKey)
    );
}
org.apache.camel.component.file.GenericFileOperationFailedException: Cannot connect to sftp://arcapptest@us2.hostedftp.com:22
...
Caused by: com.jcraft.jsch.JSchException: invalid privatekey: [B@71068da
It seems like the passphrase isn't being applied. I've also tried this:
.to(
    sftp(floridaConnection.getConnectionString("/hello"))
        .username(floridaConnection.getUser())
        .privateKeyPassphrase("pass")
        .privateKeyFile("src/main/resources/id_rsa")
);
with the same result.
I've tried using the unencrypted private key, and that works.

The problem was the encryption of the private key. Camel uses JSch to deal with the key, and the key needed to be in PEM format. I converted the key using this: ssh-keygen -p -f /path/to/key -m pem. After that, the passphrase could be used to read the key.
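The "invalid privatekey" error gives no hint about the container format, so it helps to check the key file before handing it to JSch. The following is an added example in Python, not code from the question, from Apache Camel or from JSch. It recognises the OpenSSH container (ssh-keygen's default output on recent OpenSSH versions), the traditional PEM headers that signal passphrase encryption, and PKCS#8; it reads only the armour, the PEM headers and the cipher/KDF names at the front of the OpenSSH blob, never the key material. The sample key texts are constructed for the example and contain no real key. When `openssh_container` is true, the answer above applies: convert the key with ssh-keygen -p -f key -m pem.

```python
"""Classify an SSH private key file before giving it to a PEM-only loader.

Added example (not part of the original question, Camel or JSch).
"""
import base64
import re
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"
# The label is optional: "BEGIN PRIVATE KEY" is unencrypted PKCS#8.
PEM_HEADER_RE = re.compile(r"^-----BEGIN (?:(?P<label>[A-Z0-9]+) )?PRIVATE KEY-----$")


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string': uint32 big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def _read_ssh_string(blob: bytes, offset: int):
    """Decode an SSH wire 'string' at offset; return (bytes, next_offset)."""
    if len(blob) < offset + 4:
        raise ValueError("truncated OpenSSH key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start = offset + 4
    if len(blob) < start + length:
        raise ValueError("truncated OpenSSH key blob")
    return blob[start:start + length], start + length


def make_openssh_armour(cipher: str, kdf: str) -> str:
    """Constructed test input: the armoured prefix of an OpenSSH-format key.

    A real file continues with KDF options, key count and key data; the
    classifier only needs the cipher and KDF names, so the rest is omitted.
    """
    blob = OPENSSH_MAGIC + _ssh_string(cipher.encode()) + _ssh_string(kdf.encode())
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


def classify_private_key(text: str) -> dict:
    """Return the container format, whether a passphrase is needed, and the cipher."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty key file")
    match = PEM_HEADER_RE.match(lines[0])
    if not match:
        raise ValueError("unrecognised header: %r" % lines[0])
    label = match.group("label")

    if label == "OPENSSH":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----END"))
        blob = base64.b64decode(body)
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("OpenSSH armour without openssh-key-v1 magic")
        cipher, off = _read_ssh_string(blob, len(OPENSSH_MAGIC))
        kdf, _ = _read_ssh_string(blob, off)
        cipher = cipher.decode()
        # Cipher "none" means the key was saved without a passphrase.
        return {"format": "openssh", "encrypted": cipher != "none",
                "cipher": cipher, "kdf": kdf.decode(), "openssh_container": True}

    if label == "ENCRYPTED":
        return {"format": "pkcs8", "encrypted": True, "cipher": None,
                "kdf": None, "openssh_container": False}
    if label is None:
        return {"format": "pkcs8", "encrypted": False, "cipher": None,
                "kdf": None, "openssh_container": False}

    # Traditional PEM (RSA/EC/DSA): encryption is signalled by RFC 1421 headers
    # placed between the BEGIN line and the base64 body.
    headers = {}
    for ln in lines[1:]:
        if ":" not in ln:
            break
        key, value = ln.split(":", 1)
        headers[key.strip()] = value.strip()
    encrypted = headers.get("Proc-Type") == "4,ENCRYPTED"
    cipher = headers["DEK-Info"].split(",")[0] if encrypted and "DEK-Info" in headers else None
    return {"format": "pem-" + label.lower(), "encrypted": encrypted,
            "cipher": cipher, "kdf": None, "openssh_container": False}


# Constructed sample inputs (not real keys): only the headers matter here.
SAMPLE_PEM_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

MIIEfakebodyonly
-----END RSA PRIVATE KEY-----
"""
SAMPLE_PEM_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
MIIEfakebodyonly
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, text in [("openssh, passphrase", make_openssh_armour("aes256-ctr", "bcrypt")),
                       ("openssh, plain", make_openssh_armour("none", "none")),
                       ("pem, passphrase", SAMPLE_PEM_ENCRYPTED),
                       ("pem, plain", SAMPLE_PEM_PLAIN)]:
        print(name, classify_private_key(text))
```

Run it against the real id_rsa from the question by passing the file's text to classify_private_key; a result with `openssh_container` true explains the JSch error, and `encrypted` tells you whether privateKeyPassphrase is needed at all.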

Related

Multiple private and public key for same user

If a user has 2 pairs of public and private keys, how can the server that has the public keys know which one to use? The server should encrypt the message using the public key matching that private key, but how does it know which one?
No. SSH does not do an encrypt/decrypt sequence, but a sign/verify sequence.
The server sends some data, the client signs it using its private key, and the server can verify the signature using all of the public keys it has stored in the authorized_keys file.
But in the real world, there is an optional phase before all of the above: the client also sends its public keys so the server can match the correct public part.

Verify private key pass phrase after extracting key from PKCS#12 file

I'm trying to read a PKCS#12 file and extract the private key programmatically in C. I found a solution here, but that program automatically decrypts my private key and checks only the PKCS#12 file password. Is there any way to also verify the private key passphrase?

How to get the actual file object from Camel FTP route exchange

In my Camel router:
from(<SourceURI>)
    .process(new Processor() {
        @Override
        public void process(Exchange exchange) throws Exception {
            // I want to extract the file object from the exchange
        }
    })
    .to(<targetURI>);
How can I achieve this?
I tried e.g. exchange.getIn().getHeader(Exchange.FILE_NAME, String.class) which gives me the file name.
I am searching for something like Exchange.FILE which gives me the actual file object. My ultimate goal is to extract the file in the processor, as the routed exchange is an archive file.
Get the file from the body. Camel uses an 'org.apache.camel.component.file.GenericFile' as the file body. But you can use Camel's type converters to get the file in a type you want.
For example you can get the content in different types, such as:
String text = exchange.getIn().getBody(String.class);
byte[] bytes = exchange.getIn().getBody(byte[].class);
InputStream is = exchange.getIn().getBody(InputStream.class);
For those who have a from("file:...") the following works:
File in = exchange.getIn().getBody(File.class);

Are exported private keys in GPG still encrypted?

Are the exported private keys obtained by executing gpg --export-secret-keys still encrypted and protected by their passphrase? This seems to be the case, but I can't find anywhere that explicitly confirms this.
If the exported keys are still encrypted, then is there any way to get the pure, unencrypted private key (like you can for the public segment)?
Exported secret keys are encrypted by default; however, --export-options export-reset-subkey-passwd will produce an unprotected export:
When using the --export-secret-subkeys command, this option resets the passphrases for all exported subkeys to empty. This is useful when the exported subkey is to be used on an unattended machine where a passphrase doesn't necessarily make sense. Defaults to no.
Are exported secret keys still protected by their passphrase? You could find the answer to this so easily by exporting and then importing a secret key.
GnuPG has no simple way to export a private key in the way you describe. I can only hope you have a good reason for wanting to do this, and that you're aware of how dangerous it is to let the bits and bytes of an unprotected private key touch a disk. That said, the only option I see is to remove the passphrase before exporting...
gpg --edit-key KEYID
> passwd
> *(Press Enter twice, i.e., use a blank passphrase)*
> save
PS: This should be moved to Superuser; it's off-topic here.
Yes, secret keys are still encrypted after exporting. Once you've imported the private key file via the following command:
gpg --import <name of your private key>.pgp
It will prompt you to enter the correct passphrase (same passphrase used to create the private key in the first place).

Convert SSL private key to a string

From a PKCS#12 file, I extracted the private key and cert using the following:
PKCS12_parse(p12, argv[2], &privatekey, &cert, &ca);
Now, I need to use the privatekey and cert to sign an XML using xmlsec libraries.
However, xmlSecCryptoAppKeyLoad() expects the key in const char* format.
How do I do the conversion?
Or, can I use xmlSecCryptoAppKeyLoadMemory() and privatekey without having to do the conversion?
If you use the XMLSEC-OpenSSL interface, the xmlSecOpenSSLEvpKeyAdopt() function loads an xmlsec key object from an OpenSSL EVP_PKEY *, and xmlSecOpenSSLKeyDataX509AdoptKeyCert() attaches an OpenSSL X509 certificate to it.