Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: PEM_read_bio_PUBKEY after upgrade to Node 10.10 #22815

Closed
YangYu000 opened this issue Sep 12, 2018 · 8 comments
Closed

Error: PEM_read_bio_PUBKEY after upgrade to Node 10.10 #22815

YangYu000 opened this issue Sep 12, 2018 · 8 comments
Assignees
Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.

Comments

@YangYu000
Copy link

  • Version: v10.10.0
  • Platform: Linux 4.9.0-8-amd64 deps: update openssl to 1.0.1j #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64 GNU/Linux (actually, both Ubuntu and Debian, I have bunch of servers running the service)
  • Subsystem: Crypto (I guess)

My code is like

const FS = require('fs');
const JWT = require('jsonwebtoken');
const certPem = FS.readFileSync('./public.pem');
const token = 'xxxx';
JWT.verify(token, certPem, {}, (error, payload) => { ... });

and runs without problem with Node 8 and Node 10.8/10.9 (Ubuntu and Debian, NodeJS offical APT source)

After I upgrade to Node 10.10 yesterday, on JWT.verify throws

Error: PEM_read_bio_PUBKEY failed
    at Verify.verify (internal/crypto/sig.js:122:23)
    at Object.verify (/my/project/path/node_modules/jwa/index.js:89:21)
    at Object.jwsVerify [as verify] (/my/project/path/node_modules/jws/lib/verify-stream.js:54:15)
    at /my/project/path/node_modules/jsonwebtoken/verify.js:116:19
    at getSecret (/my/project/path/node_modules/jsonwebtoken/verify.js:76:14)
    at Object.module.exports [as verify] (/my/project/path/node_modules/jsonwebtoken/verify.js:80:10)
@addaleax
Copy link
Member

@nodejs/crypto

@addaleax addaleax added the crypto Issues and PRs related to the crypto subsystem. label Sep 12, 2018
@tniessen
Copy link
Member

tniessen commented Sep 12, 2018

This points to #22553, I'll investigate later.

@tniessen
Copy link
Member

@YangYu000 Would it be possible to upload public.pem? Actually, any public key that fails would be enough, it is important to include data surrounding the PEM key though, e.g. whitespace.

@tniessen
Copy link
Member

tniessen commented Sep 12, 2018

I cannot reproduce this using Node.js 10.9.0 vs 10.10.0 using the code

const assert = require('assert');
const fs = require('fs');
const jwt = require('jsonwebtoken');

const privateKey = fs.readFileSync('./private.pem');
const publicKey = fs.readFileSync('./public.pem');

const token = jwt.sign('Hello world!', privateKey, { algorithm: 'RS256' });
console.log(token);
const payload = jwt.verify(token, publicKey);
console.log(payload);

Valid keys don't produce any errors and any invalid keys I tried produce errors in both versions. It would be helpful to have an example with a key pair that works in previous versions.

@YangYu000
Copy link
Author

@tniessen sorry, the pem file in code is confidential and currently using widely in my company business, so I can't show it in public.
But I may generate another for test usage, please wait me for one or two days, thanks.

@tniessen
Copy link
Member

@YangYu000 That would be great! As long as the error message pops up, any key pair would be enough.

@tniessen
Copy link
Member

Ping @YangYu000.

@YangYu000
Copy link
Author

@tniessen Sorry for the delay.
Here's a pem file content ok with node 10.9 and before but fail in 10.10

Bag Attributes
    localKeyID: 21 54 3F 46 7D 44 84 94 F8 7C EE F2 9D 6D 33 1D 27 3E 97 C2
subject=/C=CN/ST=Shanghai/L=Shanghai/O=FungoTec/OU=Tech/CN=Name/[email protected]
issuer=/C=CN/ST=Shanghai/L=Shanghai/O=FungoTec/OU=Tech/CN=Name/[email protected]
-----BEGIN CERTIFICATE-----
MIID6DCCAtCgAwIBAgIJAMguk3GtYYASMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
VQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkxETAPBgNVBAcMCFNoYW5naGFpMREw
DwYDVQQKDAhGdW5nb1RlYzENMAsGA1UECwwEVGVjaDENMAsGA1UEAwwETmFtZTEi
MCAGCSqGSIb3DQEJARYTZWR5dXlAem15c2VyaWVzLmNvbTAeFw0xODA5MjkwMjQw
MjNaFw0xOTA5MjkwMjQwMjNaMIGIMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hh
bmdoYWkxETAPBgNVBAcMCFNoYW5naGFpMREwDwYDVQQKDAhGdW5nb1RlYzENMAsG
A1UECwwEVGVjaDENMAsGA1UEAwwETmFtZTEiMCAGCSqGSIb3DQEJARYTZWR5dXlA
em15c2VyaWVzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY5
M0l1NFMwkwQ8kCgRGD6rZFYPO4GRC6ZfzpEu/ztnFurBH0M4Ifu4JFcuAT+qcQ6I
hFvsADN9mSKtnQVaSzzOAfuLqCiWQ3g1/5gf0lXC2d32iUT7m6f/ZaJ1ZZ0yU/Km
aG2X1BvBR3fW+CpOvSamyLxr/5u3+vl+gLTTv0lRvU7ShVwAFPyeTZ3KmokrPMnP
UlCWakMpzHZb9t0oxlxrUfNkitk5s5F9jNUYZG+fWH+EvB43JnwiUnkAFP3nCvZa
kkX0Z8dQSRtaKPqGApLVY+BWfcjuA4Hz2Cj1BEh8iywtz5A9uoU6Hg1OP66KRy+f
fyx6GhndpJpU0sp+wdcCAwEAAaNTMFEwHQYDVR0OBBYEFFyMaRDETz+7SYnNBlOh
LysLNgSLMB8GA1UdIwQYMBaAFFyMaRDETz+7SYnNBlOhLysLNgSLMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE9ovT4y82Z7t15XCB0qILuF0dbu
AHbmMP8+bk9iXTVrQ48NkTvpmVMgHMeBWrR48JdYZDhSdN00OSoihjUXhixUvY+9
dr4cpT3lZZYSBKIhd50TMWjrCnD6lLB4HQpWinrLITfty80YWVDgAobENpwCtMNx
GTs25+XbQgZWrudUQJWHQra2EontAVMMxTjhJBLnWdiKF8wrISCqMoi+ENDvfNtv
elqxoHs6wlzSEE7QEyqozSZPNeRhV6pcaHYHrQtUMCWbAL/YCNXrJrr5WIiNcpBM
R0aaAJjE+3dnz925GZh0e89p5gy9yg/SMWXrJEqUh+sV45k44no3yiTmGrM=
-----END CERTIFICATE-----

@tniessen tniessen added the confirmed-bug Issues with confirmed bugs. label Sep 29, 2018
@tniessen tniessen self-assigned this Sep 29, 2018
tniessen added a commit to tniessen/node that referenced this issue Sep 29, 2018
targos pushed a commit that referenced this issue Oct 3, 2018
PR-URL: #23164
Fixes: #13612
Fixes: #22815
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants