
Consumers can now request private keys (for SSH certificates) protected by a passphrase

Open achuchev opened this issue 3 years ago • 3 comments

  • The PrivateKeyPassphrase attribute was missing, so consumers cannot request private keys protected by a passphrase.
  • Remove PrivateKeyFormat from the SSH cert data structure. This option has never been implemented on the server side.

Oct 07 '22 21:10 achuchev

Changes look good @achuchev, could you add a unit test for this?

Oct 11 '22 20:10 luispresuelVenafi

@luispresuelVenafi Do you mind pointing me to where I can find similar tests?

Oct 12 '22 17:10 achuchev

Sure @achuchev, you could take this test as an example: https://github.com/Venafi/vcert/blob/master/pkg/venafi/tpp/connector_test.go#L2107

You could do the following tests:

  • Provide the passphrase in the request and after the retrieve operation, that passphrase still works for opening the private key.
  • Negative test: Provide a passphrase in the request and try to open the private key without providing the passphrase; it should fail.

Oct 12 '22 17:10 luispresuelVenafi
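
The two checks suggested in the last comment, sketched as an added, self-contained example (not code from the vcert repository or from either commenter). `sealKey` and `openKey` are hypothetical helpers; the key is generated locally instead of being retrieved from a server, and Go's legacy (deprecated) PEM encryption stands in for whatever key format the server actually returns, so the example runs with the standard library alone.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// sealKey (hypothetical) stands in for the server: a fresh EC key, PEM-encrypted under passphrase.
func sealKey(passphrase string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, err
	}
	blk, err := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", der, []byte(passphrase), x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(blk), nil
}

// openKey (hypothetical) rejects plaintext keys, a missing passphrase and a wrong passphrase.
func openKey(pemBytes []byte, passphrase string) (*ecdsa.PrivateKey, error) {
	blk, _ := pem.Decode(pemBytes)
	if blk == nil || !x509.IsEncryptedPEMBlock(blk) {
		return nil, fmt.Errorf("no passphrase-protected PEM block found")
	}
	if passphrase == "" {
		return nil, fmt.Errorf("passphrase required")
	}
	der, err := x509.DecryptPEMBlock(blk, []byte(passphrase))
	if err != nil {
		return nil, err
	}
	// Legacy PEM encryption is unauthenticated, so parse the result to confirm the key.
	return x509.ParseECPrivateKey(der)
}

func main() {
	sealed, _ := sealKey("constructed-passphrase")
	fmt.Println(openKey(sealed, "")) // negative case: no passphrase supplied
}
```

Rejecting a key that comes back unencrypted is the assertion that catches a passphrase attribute being silently dropped from the request, which a positive-only test would miss.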