Using keyFilename and certFilename in configuration #110

@rpevertsminvwsnl

To connect to a gateway, I would like to use a key + cert file in my graphman configuration, like so:

"test": {
  "address": "https://mygateway.local:8443/graphman",
  "rejectUnauthorized": false,
  "keyFilename": "user.privkey.pem",
  "certFilename": "user.pem",
  "allowMutations": false
},

I've placed both files in the graphman home. Naturally, I would like the keyFile to contain an encrypted key.

If I create a private key using the gateway and export it as an encrypted P12, using it in my config and connecting to a gateway gives me:

[error] error encountered while processing the graphman operation
[error]   name: Error
[error]   message: error:1E08010C:DECODER routines::unsupported
Error: error:1E08010C:DECODER routines::unsupported
    at setKey (node:internal/tls/secure-context:93:11)
    at configSecureContext (node:internal/tls/secure-context:209:7)
    at Object.createSecureContext (node:_tls_common:113:3)
    at Object.connect (node:_tls_wrap:1764:48)
    at Agent.createConnection (node:https:173:22)
    at Agent.createSocket (node:_http_agent:324:26)
    at Agent.addRequest (node:_http_agent:276:10)
    at new ClientRequest (node:_http_client:347:16)
    at Object.request (node:https:381:10)
    at Object.invoke (C:\Users\EVERTSRPA\AppData\Roaming\npm\node_modules\@layer7\graphman\modules\graphman.js:227:119) {
  library: 'DECODER routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_UNSUPPORTED'
}

If I export the key using KeyStore Explorer as PEM using PBE with 256 bit AES CBC and use that, the following is output when connecting to a gateway:

[info] exporting from test gateway
[error] error encountered while processing the graphman operation
[error]   name: Error
[error]   message: error:1C800064:Provider routines::bad decrypt
Error: error:1C800064:Provider routines::bad decrypt
    at setKey (node:internal/tls/secure-context:93:11)
    at configSecureContext (node:internal/tls/secure-context:209:7)
    at Object.createSecureContext (node:_tls_common:113:3)
    at Object.connect (node:_tls_wrap:1764:48)
    at Agent.createConnection (node:https:173:22)
    at Agent.createSocket (node:_http_agent:324:26)
    at Agent.addRequest (node:_http_agent:276:10)
    at new ClientRequest (node:_http_client:347:16)
    at Object.request (node:https:381:10)
    at Object.invoke (C:\Users\XXXXXXXXXX\AppData\Roaming\npm\node_modules\@layer7\graphman\modules\graphman.js:227:119) {
  opensslErrorStack: [ 'error:04800065:PEM routines::bad decrypt' ],
  library: 'Provider routines',
  reason: 'bad decrypt',
  code: 'ERR_OSSL_BAD_DECRYPT'
}

So now it actually seems to accept the key but cannot decrypt it.

I've tried to put the passphrase for decryption of the key in the config:

  "passphrase": "mysecretphrase"

I also tried to pass it as a command-line parameter to graphman, but cannot seem to get the PEM key decrypted successfully.

When using an unencrypted PEM key, everything works fine, but that is far from ideal.

Could you advise me on what encryption I should be using for my keyfile and how do I pass the decryption secret?

Best Regards,

Robert Everts
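
An added example, not part of the original issue and not graphman's code: a pre-flight check that classifies a key file and loads it through `tls.createSecureContext`, the Node call that throws in both stack traces above. The function names, the sample passphrase and the in-process generated key are constructed for illustration; whether graphman forwards a `passphrase` setting to Node is not stated on this page.

```javascript
// Added example, not graphman code. Assumption: the client hands the key file's
// bytes to Node's TLS layer as `key`, as the stack traces above suggest.
const crypto = require('node:crypto');
const tls = require('node:tls');

// Classify key material by PEM label, or by the ASN.1 SEQUENCE tag of binary DER.
function classifyKey(buf) {
  const text = buf.toString('latin1');
  if (text.includes('-----BEGIN ENCRYPTED PRIVATE KEY-----')) return 'pem-pkcs8-encrypted';
  if (/-----BEGIN (RSA |EC )?PRIVATE KEY-----/.test(text)) {
    return text.includes('Proc-Type: 4,ENCRYPTED')
      ? 'pem-traditional-encrypted'
      : 'pem-unencrypted';
  }
  // PKCS#12 containers and raw DER keys carry no PEM label and start with 0x30.
  return buf[0] === 0x30 ? 'binary-der-or-pkcs12' : 'unknown';
}

// Load the key through tls.createSecureContext and report the OpenSSL error code.
function diagnoseKey(buf, passphrase) {
  const format = classifyKey(buf);
  try {
    tls.createSecureContext({ key: buf, passphrase });
    return { format, loadable: true, code: null };
  } catch (err) {
    return { format, loadable: false, code: err.code || err.message };
  }
}

// Constructed sample input: a throwaway EC key exported three ways.
const SAMPLE_PASSPHRASE = 'constructed-sample-passphrase';
function makeSampleKeys() {
  const { privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const enc = { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase: SAMPLE_PASSPHRASE };
  return {
    encryptedPem: Buffer.from(privateKey.export(enc)),
    plainPem: Buffer.from(privateKey.export({ type: 'pkcs8', format: 'pem' })),
    der: privateKey.export({ type: 'pkcs8', format: 'der' }), // stands in for a binary file
  };
}

const sample = makeSampleKeys();
console.log(diagnoseKey(sample.encryptedPem, SAMPLE_PASSPHRASE)); // right passphrase
console.log(diagnoseKey(sample.encryptedPem, 'not-the-passphrase')); // wrong passphrase
console.log(diagnoseKey(sample.encryptedPem, undefined)); // passphrase never supplied
console.log(diagnoseKey(sample.plainPem, undefined)); // unencrypted PEM
console.log(diagnoseKey(sample.der, undefined)); // non-PEM bytes passed as `key`
```

A PKCS#12 file is binary, so it falls in the last class; Node's `tls.createSecureContext` takes such a container through its `pfx` option rather than `key`.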
