Error nicely or handle PKCS8 as well as trad pem/PKCS1 for encryption keys

Open dtrudg opened this issue 5 years ago • 3 comments

Version of Singularity:

master f0cd4b48

Expected behavior

PKCS8 is the default style of PEM that will come out of the familiar openssl tool and other things people might try to use to generate an RSA keypair, and is likely to be a format for existing key files people may want to use with Singularity.

A nice error should be provided specifying a traditional (PKCS1) PEM file is required.

Ideally if a PKCS8 format PEM file is provided to Singularity for encrypted operations it should work, but this would involve thinking about handling passphrase-protected PEMs and handling or rejecting nicely different algorithms etc.

Actual behavior

Build errors with a confusing error.

FATAL:   While performing build: while creating SIF: while encrypting filesystem key: loading public key for key encryption: asn1: structure error: tags don't match (2 vs {class:0 tag:16 length:13 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false}  @2

Steps to reproduce behavior

Create a pem file in PKCS8 format such as:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxrohGbO7ryXUdYbBpj9P
Z4nKSoiAnX+JFVzazhLvR5ueCaez+AJTl/1WKzLMfm1+mJf6Msuu8eDJo6Miamel
YGjJaI6ZD3xfB2tP4uLwIWk0uo02nagtllad/5BTMlzMtTiSLaZy480acPvhmiHL
hJEJxQ0jndlyjsSUR/YAr5PgDMbklk5zk3bKq+AbMjzbN762JPVPD5UtpoNUH3zh
Y5YlVmJbnrCZqB8dUUN+pcxNXkWLrKnuc6JQiyiufJxH429ErsF2hwkMpag6i+Xa
Kr277eBQdXvXc+yYBwELFkf3DePW1dD7u7OV6AHUmKOr68a2Q0R4ldUXKga5fA7z
qwIDAQAB
-----END PUBLIC KEY-----

Run an encrypted build:

$ sudo SINGULARITY_ENCRYPTION_KEY=pem://$(pwd)/pair1_rsa.pub singularity build testpair1.sif docker://alpine
[sudo] password for dave: 
INFO:    Starting build...
Getting image source signatures
Skipping fetch of repeat blob sha256:0503825856099e6adb39c8297af09547f69684b7016b7f3680ed801aa310baaa
Copying config sha256:4fa153a82426ad308e69dde53d77abb1bbfb9d069bdfbdd7db50f615bd92d7ae
 585 B / 585 B [============================================================] 0s
Writing manifest to image destination
Storing signatures
INFO:    Creating SIF file...
FATAL:   While performing build: while creating SIF: while encrypting filesystem key: loading public key for key encryption: asn1: structure error: tags don't match (2 vs {class:0 tag:16 length:13 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false}  @2

dtrudg, Aug 09 '19 21:08
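An added example (not part of the original issue and not Singularity's code) of the behaviour requested above: a loader that accepts both the traditional `RSA PUBLIC KEY` (PKCS1) block and the `PUBLIC KEY` block from the reproduction steps, which Go parses with `x509.ParsePKIXPublicKey`, and returns a readable error for anything else. The names `loadRSAPublicKey` and `samplePEMs` are hypothetical, and the sample keys are generated at run time.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// loadRSAPublicKey is a hypothetical helper, not Singularity's own loader.
func loadRSAPublicKey(data []byte) (*rsa.PublicKey, error) {
	block, _ := pem.Decode(data)
	switch {
	case block == nil:
		return nil, fmt.Errorf("key file contains no PEM block")
	case block.Type == "RSA PUBLIC KEY": // traditional PKCS#1 body
		return x509.ParsePKCS1PublicKey(block.Bytes)
	case block.Type == "PUBLIC KEY": // SubjectPublicKeyInfo, as in the issue's file
		pub, err := x509.ParsePKIXPublicKey(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parsing PUBLIC KEY block: %w", err)
		}
		if rsaPub, ok := pub.(*rsa.PublicKey); ok {
			return rsaPub, nil
		}
		return nil, fmt.Errorf("PUBLIC KEY block holds %T, an RSA key is required", pub)
	}
	return nil, fmt.Errorf("unsupported PEM type %q, want RSA PUBLIC KEY or PUBLIC KEY", block.Type)
}

// samplePEMs encodes one freshly generated (constructed) key in both formats.
func samplePEMs() (pkcs1, pkix []byte, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	pkcs1 = pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY", Bytes: x509.MarshalPKCS1PublicKey(&priv.PublicKey)})
	return pkcs1, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), err
}

func main() {
	pkcs1, pkix, err := samplePEMs()
	fmt.Println("sample generation error:", err)
	for _, in := range [][]byte{pkcs1, pkix, []byte("not a key")} {
		_, err := loadRSAPublicKey(in)
		fmt.Println("load error:", err)
	}
}
```

Dispatching on the PEM block type before parsing is what replaces the raw `asn1: structure error` in the report with a message that names the expected formats.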

Hello,

This is a templated response that is being sent out to all open issues. We are working hard on 'rebuilding' the Singularity community, and a major task on the agenda is finding out what issues are still outstanding.

Please consider the following:

  1. Is this issue a duplicate, or has it been fixed/implemented since being added?
  2. Is the issue still relevant to the current state of Singularity's functionality?
  3. Would you like to continue discussing this issue or feature request?

Thanks, Carter

carterpeel, May 15 '21 16:05

This issue has been automatically marked as stale because it has not had activity in over 60 days. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.

stale[bot], Jul 14 '21 22:07

Still getting this problem? Has this been solved already? If yes, what workaround have you followed and applied?

We're looking into the issue carefully and will soon bring it to the community to discuss ways to better solve as well as address this. Thank you for keeping interest in the subject.

pedroalvesbatista, Jul 16 '21 02:07

Migrated to the new Apptainer repo https://github.com/apptainer/apptainer/issues/1158

kmuriki, Mar 06 '23 03:03