Changeset 1310 for branches


Timestamp:
04/01/15 18:45:08 (9 years ago)
Author:
nanardon
Message:

Don't use SSH storage form

After several hours of trying to figure it out, it seems Crypt::RSA::Key::Private::SSH
is unable to properly encrypt the private key, making everything readable.

This patch replaces the SSH form with the native one.

Location:
branches/4.0
Files:
4 edited

  • branches/4.0

    • Property svn:mergeinfo changed
      /trunkmerged: 1309
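--- a/branches/4.0/LATMOS-Accounts/bin/la-sql-crypt-passwd
+++ b/branches/4.0/LATMOS-Accounts/bin/la-sql-crypt-passwd
@@ -94,5 +94,5 @@
             $clear_passwd{$_} = $clearp;
         } else {
-            warn "$_ :" . $rsa->errstr();
+            die "Cannot get password for $_, crypt module said :" . $rsa->errstr();
         }
     }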
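Review bot: The new `die` sits inside the per-account branch, so the first entry whose password cannot be decrypted stops the run and every later account is left unprocessed; the loop itself starts outside this section, so this is inferred from the indentation. If failing closed on the first error is intended after the key-format change, a short comment saying so would help, e.g. `# abort: a decrypt failure means the key or passphrase is wrong, do not continue with partial data`. Otherwise, collecting the failing names and exiting non-zero after the loop keeps the strictness and also shows how many entries are affected.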
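--- a/branches/4.0/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql.pm
+++ b/branches/4.0/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql.pm
@@ -12,4 +12,6 @@
 use Crypt::RSA::Key::Public::SSH;
 use Crypt::RSA::Key::Private::SSH;
+use Crypt::RSA::Key::Public;
+use Crypt::RSA::Key::Private;
 use MIME::Base64;
 
@@ -225,8 +227,7 @@
     my ($public, $private) = $rsa->keygen (
         Identity  => 'LATMOS-Accounts',
-        Size      => 768,
+        Size      => 2048,
         Password  => $password,
         Verbosity => 0,
-        KF=>'SSH',
     ) or die $rsa->errstr(); # TODO avoid die
     return ($public, $private);
@@ -243,8 +244,14 @@
     my $base = $self;
     my $serialize = $base->get_global_value('rsa_private_key') or return;
-    my $privkey = Crypt::RSA::Key::Private::SSH->new;
-    $privkey->deserialize(String => [ decode_base64($serialize) ],
-        Passphrase => $password);
-    $privkey
+    my $string = decode_base64($serialize);
+    my $privkey = $string =~ /^SSH PRIVATE KEY FILE/
+        ? Crypt::RSA::Key::Private::SSH->new
+        : Crypt::RSA::Key::Private->new;
+    $privkey = $privkey->deserialize(
+        String => [ $string ],
+        Password => $password
+    );
+    $privkey->reveal( Password => $password );
+    $privkey;
 }
 
@@ -280,4 +287,5 @@
     my ($self, $public, $private) = @_;
     my $base = $self;
+    $private->hide;
     $base->set_global_value('rsa_private_key',
         encode_base64($private->serialize));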
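Review bot: In the private-key loader the result of `deserialize` is assigned back without a check and `reveal` is called on it straight away, so a corrupt stored value ends in a method call on an undefined value instead of following the `or return` style used one line above. The legacy branch is now also called with `Password => $password`, while the removed code passed `Passphrase => $password` to Crypt::RSA::Key::Private::SSH; unless that class accepts both names, old-format keys are read without their passphrase. I would end the call with `) or return;` and pick the argument name per class, `($string =~ /^SSH PRIVATE KEY FILE/ ? 'Passphrase' : 'Password') => $password`. Keys already stored in the SSH form stay in the database as they are, which the commit message describes as readable, so re-saving them in the native form after a successful load, or documenting that the key pair must be regenerated, seems worth adding. The sub begins outside the hunk.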
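--- a/branches/4.0/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/objects.pm
+++ b/branches/4.0/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/objects.pm
@@ -493,6 +493,6 @@
 
             if (my $serialize = $self->base->get_global_value('rsa_public_key')) {
-                my $public = Crypt::RSA::Key::Public::SSH->new;
-                $public->deserialize(String => [ $serialize ]);
+                my $public = Crypt::RSA::Key::Public->new;
+                $public = $public->deserialize(String => [ $serialize ]);
                 my $rsa = new Crypt::RSA ES => 'PKCS1v15';
                 my $rsa_password = $rsa->encrypt (
@@ -500,5 +500,5 @@
                     Key        => $public,
                     Armour     => 1,
-                ) || die $self->poll->rsa->errstr();
+                ) || die $rsa->errstr();
                 if (!$self->_set_c_fields('encryptedPassword', $rsa_password)) {
                     $self->log(LA_ERR,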
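Review bot: The public-key path now always uses `Crypt::RSA::Key::Public->new`, with no fallback for an `rsa_public_key` value that was stored in the SSH form, unlike the private-key loader in Sql.pm which still recognises `SSH PRIVATE KEY FILE`; on an existing installation `$public` would presumably be undefined and every password change would hit the `die` until the key pair is regenerated. If forcing regeneration is the intent, say so in a comment above the deserialize call, for example `# SSH-form public keys are no longer accepted; regenerate the key pair`, and check the result with `or die "stored rsa_public_key is not in native form"`. As far as I know the native `deserialize` rebuilds the object by evaluating the serialized Data::Dumper text, so the stored setting is effectively trusted as code and write access to it should be restricted accordingly; please confirm against the module source. The enclosing `if` block continues outside the hunk.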