Jira (PUP-9466) Readd password protected private key support
Title: Message Title Heston Hoffman updated an issue Puppet / PUP-9466 Readd password protected private key support Change By: Heston Hoffman Labels: resolved-issue-added Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.293409.1548380786000.43181.1560294600501%40Atlassian.JIRA. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper commented on PUP-9466 Re: Readd password protected private key support Merged to master in https://github.com/puppetlabs/puppet/commit/a2d63bd0ccca3577ef1f9753588624f64f74dce6 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.293409.1548380786000.1162.1557518100219%40Atlassian.JIRA. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper commented on PUP-9466 Re: Readd password protected private key support Some more context on why GCM doesn't seem to work for password protected private keys: https://github.com/openssl/openssl/issues/7720 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper updated an issue Puppet / PUP-9466 Readd password protected private key support Change By: Josh Cooper Issue Type: New Feature Bug Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper updated an issue Puppet / PUP-9466 Readd password protected private key support Change By: Josh Cooper Release Notes Summary: If the private key password file (Puppet[:passfile]) exists and the agent doesn't yet have a private key, it will generate a new one, and use the contents of the passfile to encrypt the private key on disk. The key will be encrypted using AES-128-CBC. If the agent already has an unencrypted private key, then no changes will occur. Puppetserver does not currently support private key passwords, so this should only be enabled on agent-only nodes. Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper updated an issue Puppet / PUP-9466 Readd password protected private key support Change By: Josh Cooper Release Notes Summary: If the private key password file (Puppet[:passfile]) exists and the agent doesn't yet have a private key, it will generate a new one, and use the contents of the passfile to encrypt the private key on disk. The key will be encrypted using AES-128-CBC. If the agent already has an unencrypted private key, then no changes will occur. Release Notes: Bug Fix Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper assigned an issue to Josh Cooper Puppet / PUP-9466 Readd password protected private key support Change By: Josh Cooper Assignee: Josh Cooper Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper updated an issue Puppet / PUP-9466 Readd password protected private key support Change By: Josh Cooper Sprint: Coremunity Grooming Platform Core KANBAN Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper updated an issue Puppet / PUP-9466 Readd password protected private key support Change By: Josh Cooper Fix Version/s: PUP 6.5.0 Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper updated an issue Puppet / PUP-9466 Readd password protected private key support Change By: Josh Cooper Sprint: Coremunity Grooming Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-9466) Readd password protected private key support
Title: Message Title Josh Cooper created an issue Puppet / PUP-9466 Readd password protected private key support Issue Type: New Feature Assignee: Unassigned Created: 2019/01/24 5:46 PM Priority: Normal Reporter: Josh Cooper If passfile exists when puppet starts for the first time, then it will encrypt its private key using 3DES-CBC. However, the current implementation is a bit dubious. If puppet tries to load an encrypted private key and the passfile does not exist, then ruby will hang due to openssl prompting for the password. Ruby uses the legacy PEM_write_* methods that only use 1 iteration. Per https://www.openssl.org/docs/man1.0.2/crypto/pem.html "The encryption key is determined using EVP_BytesToKey(), using salt and an iteration count of 1" and https://github.com/ruby/openssl/issues/13. Also puppetserver does not support password protected private keys, so it can't be enabled on server hosts. Add Comment
