Menu
I'm following this guide in order to set up Continuous Integration for my Salesforce development. It says to create a RSA private key and from this create a key file and after that generate a certificate. But I get some errors and cant find my answer online.
image of commands
As seen in the image I tried openssl genrsa -des3 -passout pass:x -out server.pass.key 2048 and get the following error.
Generating RSA private key, 2048 bit long modulus (2 primes)
....+++++
.......................+++++
e is 65537 (0x010001)
484:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters
484:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters
484:error:0906906F:PEM routines:PEM_ASN1_write_bio:read key:crypto/pem/pem_lib.c:357:
I figured 2048 was a to big number (dont know why) so I used openssl genrsa -des3 -passout pass:x -out server.pass.key 1023 and it worked with the following as result.
Generating RSA private key, 1023 bit long modulus (2 primes)
................................................+++++
.......................+++++
e is 65537 (0x010001)
When trying to create a key from the RSA private key with this command openssl rsa -passin pass:x -in server.pass.key -out server.key I got another error saying it is unable to load the private key. This was the output.
unable to load Private Key
20536:error:28078065:UI routines:UI_set_result_ex:result too small:crypto/ui/ui_lib.c:903:You must type in 4 to 1023 characters
20536:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:crypto/evp/evp_enc.c:570:
20536:error:0906A065:PEM routines:PEM_do_header:bad decrypt:crypto/pem/pem_lib.c:461:
This is the file that was created:
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,647BC276259FFAB6
UZaGpWtLuxhhU5bFNpYMcbb2pZcmPccQOfyLeJ555oECpv7sd2qNaZn1dQOZaahy
nGDLZdOtHZ6rKZD2jZ99HcxDS9sdys9JRNHXo4fzEJb3q7Qo+rMwFyiL1NVVmkUL
+ib9FifiFdKB+WCza18dAQEGaMA0af7InrMo86wBlP1Qn6oU4kvaxG2JY1zqu1BG
NBVUyQB1NEhzeEYs4acXWT7mSW+blkofzycGlQ24eaBP/SMtP+qACPsJ2aL6vc8j
ofK7GT6vmL1TYebHD4fBTNuTVFNSZx1WkZNBUwAW9LSnxfBXE62bVoqxlaXuFBJW
+xUZ/Y8V3Hnlz5n7nsXieMN7xMMfelt11yFH3qOSvZYao+8XfsQMDSIeTtEaqVhc
veBfL9UGkM0ePgEN8Ewdxau9clDbPBphfi0UIJfS+MJKixmykTIYepBU2HIjHjdZ
co2nOIb7DgIsTKzf3Lec5PPmZRXMAGa1cPq1qLLnga6BA/pz9UMtkKuzJX7q+OoI
pcp1WRTN6Pwavm7mrdGmaiU/VHVGuC4KKdIquQ7iIlsy4s/YD5bVzWxVpAFDsyZ7
IRGI0Ac+0+1h2jm3XctYGFRm6FueOg2XuDHgF3E0W9XrZ1rMTLP27N8gSw4AIFi9
Nu035TlvADkR5EJUZq6YQrne7Yp7cS8yEuZ/eJfWDgKJ6MuHHky5iVOZivyQkL1X
FYNi4NF6QHImZdQUJ0n+on8xlG501ZpCrjCMk/GoY/VdgMWZz90Ri6x1f8TdVk5O
UY6CuBsMcWUV6WwIBeVV0oiAlyBb7JsmevHXfU77ep4=
-----END RSA PRIVATE KEY-----```
271
asked May 27 '19 16:05
Public keys and private keys come in pairs. The pair is called a key pair. The basic idea of a public key cryptosystem is that the public key can be easily derived from the private key, but the private key cannot be practically derived from the public key.
ssh-keygen , the OpenSSH command used to generate keys, uses the OpenSSL library, so there's really no difference between the two methods. You can safely use ssh-keygen which is the default and more immediate tool to create a key pair for SSH pubkey authentication.
The password is too short for the version of openssl you are using. It appears to require at least 4 characters. Try this instead:
openssl genrsa -des3 -passout pass:xxxx -out server.pass.key 2048
Of course that is not a good password, but if it works, that will confirm the cause of the error message you received. On decryption, use the longer password, too:
openssl rsa -passin pass:xxxx -in server.pass.key -out server.key
The Salesforce Instructions for this Project currently say, in relevant part, ...pass:x. I changed it to pass:xxxx as suggested above and received "writing RSA key" instead of the errors described by the original poster.
34
answered Oct 20 '22 02:10
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With