[
https://issues.apache.org/jira/browse/ZOOKEEPER-4867?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Sampson updated ZOOKEEPER-4867:
-------------------------------------
Description:
TLS can be enabled in ZooKeeper and configured using PEM formatted files.
However, if the PEM file contains an encrypted EC (or RSA) private key,
ZooKeeper is not able to find it within the PEM file.
The {{PemReader.loadPrivateKey}} method's RegEx does not match such a key, for
example:
{code}
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,e49
rdz
-----END EC PRIVATE KEY-----
{code}
This appears to be because the RegEx does not allow {{-}} or {{,}} characters
within the body of the private key.
There may be other problems with using such keys beyond the RegEx matching.
was:
TLS can be enabled in ZooKeeper and configured using PEM formatted files.
However, if the PEM file contains an encrypted EC private key, ZooKeeper is not
able to find it within the PEM file.
The {{PemReader.loadPrivateKey}} method's RegEx does not match such a key, for
example:
{code}
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,e49
rdz
-----END EC PRIVATE KEY-----
{code}
This appears to be because the RegEx does not allow {{-}} or {{,}} characters
within the body of the private key.
There may be other problems with using such keys beyond the RegEx matching.
> Cannot use encrypted PEM certificate
> ------------------------------------
>
> Key: ZOOKEEPER-4867
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4867
> Project: ZooKeeper
> Issue Type: Bug
> Components: quorum, server
> Affects Versions: 3.9.2
> Reporter: Chris Sampson
> Priority: Major
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
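The failure mode the issue describes, as an added example that is not ZooKeeper's PemReader code: a "traditional" encrypted PEM key (OpenSSL's RFC 1421 style) carries Proc-Type and DEK-Info header lines before the base64 body, so a matcher that only allows base64 characters in the body cannot find the key at all. The naive regex below is an assumed illustration of that shape, not the project's actual pattern; the PEM sample is constructed (placeholder body, made-up IV). The header-aware parser recognises the block, records that it is encrypted, and lets a loader fail with an actionable message instead of "no private key found".

```python
"""Header-aware PEM scanning for the case ZOOKEEPER-4867 reports.
Added example; not ZooKeeper's PemReader."""
import base64
import re
from dataclasses import dataclass, field

# A body-must-be-base64 matcher of the shape the issue describes for
# PemReader.loadPrivateKey.  Illustration (assumption), not the project's regex:
# the ':' ',' and '-' of the header lines are outside the body class.
NAIVE_PRIVATE_KEY_RE = re.compile(
    r"-+BEGIN\s+[^-]*PRIVATE\s+KEY[^-]*-+\s+"  # BEGIN line
    r"([a-z0-9+/=\r\n]+)"                        # body: base64 characters only
    r"-+END\s+[^-]*PRIVATE\s+KEY[^-]*-+",        # END line
    re.IGNORECASE,
)

def naive_find_private_key(pem):
    """Body text of the first private key, or None (what the issue observes)."""
    m = NAIVE_PRIVATE_KEY_RE.search(pem)
    return m.group(1).strip() if m else None

# One PEM block: label, optional RFC 1421 encapsulated headers, base64 body.
BLOCK_RE = re.compile(
    r"-----BEGIN ([^-\r\n]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*)$")

@dataclass
class PemBlock:
    label: str
    headers: dict = field(default_factory=dict)
    der: bytes = b""

    @property
    def encrypted(self):
        return self.headers.get("Proc-Type", "").upper() == "4,ENCRYPTED"

    @property
    def dek_info(self):
        """(cipher name, IV bytes) from DEK-Info, or None if the header is absent."""
        raw = self.headers.get("DEK-Info")
        if raw is None:
            return None
        cipher, _, iv_hex = raw.partition(",")
        return cipher.strip(), bytes.fromhex(iv_hex.strip())

def parse_pem_blocks(pem):
    blocks = []
    for label, content in BLOCK_RE.findall(pem):
        lines = content.splitlines()
        headers, i = {}, 0
        # "Name: value" header lines come first; base64 lines never contain ':'
        while i < len(lines) and HEADER_RE.match(lines[i]):
            name, value = HEADER_RE.match(lines[i]).groups()
            headers[name] = value.strip()
            i += 1
        while i < len(lines) and not lines[i].strip():  # blank separator line(s)
            i += 1
        body = "".join(line.strip() for line in lines[i:])
        blocks.append(PemBlock(label.strip(), headers,
                               base64.b64decode(body, validate=True)))
    return blocks

def find_private_key(blocks):
    for block in blocks:
        if block.label.endswith("PRIVATE KEY"):
            return block
    return None

def private_key_status(pem):
    """'missing', 'encrypted' or 'plain': what a loader should report."""
    key = find_private_key(parse_pem_blocks(pem))
    if key is None:
        return "missing"
    return "encrypted" if key.encrypted else "plain"

def load_private_key_der(pem):
    """DER bytes of the first private key.  An encrypted body is ciphertext,
    so it is refused with a clear error rather than reported as 'not found'
    or handed to a DER parser that would fail opaquely."""
    key = find_private_key(parse_pem_blocks(pem))
    if key is None:
        raise ValueError("no PRIVATE KEY block in PEM input")
    if key.encrypted:
        cipher = key.dek_info[0] if key.dek_info else "unknown cipher"
        raise ValueError(f"private key is encrypted ({cipher}); decrypt it "
                         "or use a password-aware loader")
    return key.der

# Constructed sample input: placeholder body (not key material), made-up IV.
# The two header lines are the ones OpenSSL writes for an encrypted
# traditional PEM key, as in the issue's example.
FAKE_DER = b"constructed-placeholder-not-a-real-key"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
SAMPLE_ENCRYPTED = "\n".join([
    "-----BEGIN CERTIFICATE-----", FAKE_B64, "-----END CERTIFICATE-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "Proc-Type: 4,ENCRYPTED",
    "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF",
    "", FAKE_B64,
    "-----END EC PRIVATE KEY-----", "",
])
SAMPLE_PLAIN = "\n".join([
    "-----BEGIN EC PRIVATE KEY-----", FAKE_B64, "-----END EC PRIVATE KEY-----", ""])

if __name__ == "__main__":
    print("naive, plain key found:    ", naive_find_private_key(SAMPLE_PLAIN) is not None)
    print("naive, encrypted key found:", naive_find_private_key(SAMPLE_ENCRYPTED) is not None)
    print("header-aware status:       ", private_key_status(SAMPLE_ENCRYPTED))
```

Two caveats for anyone fixing the matcher rather than just widening the character class. First, OpenSSL's traditional PEM encryption derives the key from the passphrase with EVP_BytesToKey (a single MD5 iteration salted by the IV), so an "encrypted" key file of this kind is only weakly protected and a loader should still treat it as sensitive. Second, a PKCS#8 encrypted key (`-----BEGIN ENCRYPTED PRIVATE KEY-----`) carries no Proc-Type/DEK-Info headers: a base64-only matcher does find it, but the body is still ciphertext, so a robust loader has to branch on the block label as well as on the headers.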