Dart-Basic-Utils

Private key invalid

Open redDwarf03 opened this issue 2 years ago • 2 comments

I have this error: type 'ASN1OctetString' is not a subtype of type 'ASN1Integer' in type cast, when I try to control the validity of a private key

-----BEGIN PRIVATE KEY-----
xxxxxxxx
-----END PRIVATE KEY-----

I create my certificate with the certbot CLI: certbot certonly --manual --domain example.com --preferred-challenges dns

This command will request a certificate from Let's Encrypt for example.com and will require proving ownership of the domain with a DNS challenge.

The certificate can be found at: /etc/letsencrypt/live/example.com/cert.pem and the key at: /etc/letsencrypt/live/example.com/privatekey.pem

To control my private key, I used this method:


  static (bool, String) validPrivateKeyFromFile(Uint8List privateKey) {
    try {
      CryptoUtils.rsaPrivateKeyFromPem(utf8.decode(privateKey));
      return (true, '');
    } catch (e) {
      log(e.toString());
      return (
        false,
        e.toString(),
      );
    }
  }

And it seems not to be working at this line:


  ///
  /// Decode the given [bytes] into an [RSAPrivateKey].
  ///
  static RSAPrivateKey rsaPrivateKeyFromDERBytes(Uint8List bytes) {
    var asn1Parser = ASN1Parser(bytes);
    var topLevelSeq = asn1Parser.nextObject() as ASN1Sequence;
    //ASN1Object version = topLevelSeq.elements[0];
    //ASN1Object algorithm = topLevelSeq.elements[1];
    var privateKey = topLevelSeq.elements![2];

    asn1Parser = ASN1Parser(privateKey.valueBytes);
    var pkSeq = asn1Parser.nextObject() as ASN1Sequence;

    var modulus = pkSeq.elements![1] as ASN1Integer; // <-- Error Parsing
    //ASN1Integer publicExponent = pkSeq.elements[2] as ASN1Integer;
    var privateExponent = pkSeq.elements![3] as ASN1Integer;
    var p = pkSeq.elements![4] as ASN1Integer;
    var q = pkSeq.elements![5] as ASN1Integer;
    //ASN1Integer exp1 = pkSeq.elements[6] as ASN1Integer;
    //ASN1Integer exp2 = pkSeq.elements[7] as ASN1Integer;
    //ASN1Integer co = pkSeq.elements[8] as ASN1Integer;

    var rsaPrivateKey = RSAPrivateKey(
        modulus.integer!, privateExponent.integer!, p.integer, q.integer);

    return rsaPrivateKey;
  }

Any idea?

Thx

redDwarf03 avatar Jun 27 '23 20:06 redDwarf03

Did you find a solution yet? The method should handle RSA private keys and it is tested with real-life examples from OpenSSL.

Therefore some questions:

  • Are you sure you have an RSA private key?
  • Are you sure the Uint8List representing the private key contains the PEM header / footer?
  • Do you know if the private key is in PKCS1 format? Try using the method rsaPrivateKeyFromDERBytesPkcs1().

Regards

Ephenodrom avatar Jul 05 '23 17:07 Ephenodrom

No, I didn't find a solution. I commented on my control in my app. I published without the control the certificate and private key on the server and it worked. So I think the key is good otherwise the server wouldn't be able to manage the certificate.

redDwarf03 avatar Jul 10 '23 09:07 redDwarf03
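
Added example, not part of the thread and not basic_utils code: one way to answer the "is it an RSA key" and "is it PKCS1" questions from the reply above is to read the algorithm OID from the PKCS#8 wrapper before calling the RSA parser. It assumes the ASN.1 classes shown in the issue come from package:pointycastle/asn1.dart; `pkcs8Algorithm`, `pemToDer` and the sample key bytes are constructed for illustration.

```dart
import 'dart:convert';
import 'dart:typed_data';
import 'package:pointycastle/asn1.dart'; // assumed source of ASN1Parser / ASN1Sequence

// DER content bytes of the two algorithm OIDs of interest.
const rsaEncryption = [0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01]; // 1.2.840.113549.1.1.1
const idEcPublicKey = [0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01]; // 1.2.840.10045.2.1

bool _same(List<int>? a, List<int> b) {
  if (a == null || a.length != b.length) return false;
  for (var i = 0; i < b.length; i++) {
    if (a[i] != b[i]) return false;
  }
  return true;
}

/// Strips the PEM armour lines and base64-decodes the body.
Uint8List pemToDer(String pem) => base64.decode(const LineSplitter()
    .convert(pem)
    .map((l) => l.trim())
    .where((l) => l.isNotEmpty && !l.startsWith('-----'))
    .join());

/// Hypothetical helper: names the key algorithm declared in a PKCS#8 blob.
String pkcs8Algorithm(Uint8List der) {
  final top = ASN1Parser(der).nextObject();
  if (top is! ASN1Sequence) return 'not a DER SEQUENCE';
  final els = top.elements ?? [];
  // PKCS#1 ("BEGIN RSA PRIVATE KEY") has an INTEGER at index 1, PKCS#8 a SEQUENCE.
  if (els.length < 3 || els[1] is! ASN1Sequence) return 'not PKCS#8';
  final algId = (els[1] as ASN1Sequence).elements ?? [];
  if (algId.isEmpty) return 'not PKCS#8';
  final oid = algId.first.valueBytes;
  if (_same(oid, rsaEncryption)) return 'RSA';
  if (_same(oid, idEcPublicKey)) return 'EC';
  return 'other';
}

void main() {
  // Constructed sample, not a usable key: PKCS#8 wrapper around an
  // ECPrivateKey { version 1, privateKey OCTET STRING (4 dummy bytes) }.
  final der = Uint8List.fromList([
    0x30, 0x25, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, ...idEcPublicKey,
    0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, // prime256v1
    0x04, 0x0B, 0x30, 0x09, 0x02, 0x01, 0x01, 0x04, 0x04, 0xDE, 0xAD, 0xBE, 0xEF,
  ]);
  final pem = '-----BEGIN PRIVATE KEY-----\n${base64.encode(der)}\n-----END PRIVATE KEY-----';
  print(pkcs8Algorithm(pemToDer(pem)));
}
```

An ECPrivateKey (RFC 5915) has an OCTET STRING as its second element, where an RSAPrivateKey has an INTEGER, so only a result of 'RSA' should be passed on to the RSA parser.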