Bug: RSTUF admin ceremony fails for non-identical keys being considered identical #381

Open
ivanayov opened this issue Sep 13, 2023 · 0 comments
Labels
bug Something isn't working needs-triage The issue needs triage

ivanayov commented Sep 13, 2023

What happened?

I created 2 keys with rstuf key generate:


┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃                              Key ID                              ┃ Key Type ┃                            Public Key                            ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ 2a1a09b885a36853b0f8f87a9048633c366fcac7b78da089235e2dd68ecd6f54 │   rsa    │                    -----BEGIN PUBLIC KEY-----                    │
│                                                                  │          │ MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAz7YM0fK/UUAAkgQkLhTX │
│                                                                  │          │ D1mNTSMSJ2XW6pOSwbrvXFNysYdci+CSF71GqvH3QCSjcj0j/+g3Vm2VESqZnWB1 │
│                                                                  │          │ UYGt81KlQ05PJ5ad/QxZuVUcgfYh+zMelKlZnbGsled4u2KXJ1O8l+8UkWOgY4tL │
│                                                                  │          │ XxSj94aUbgsOHFqfZeC0vrqVcU/SWSF4bGXyBhLjlta51App72dmyj9g+AhmrOYE │
│                                                                  │          │ TcyLnVXqfhrJv0z1S2Skj6lfLBHW8du8Kk4HmgXCAdrLl06MxgVvTQumqKX+pV7U │
│                                                                  │          │ wUngv0mNfmRF2jMc2dFH2xWORjhVPTx/qsuu4VR9UnbvJKXgnMtxPB52NYZR2zuO │
│                                                                  │          │ znXg+6du6Qp0133yEEJRYvXvzuyDJKzOpTLSdb4Lp1sWlYYrCdAt6i3BpLIsgQj8 │
│                                                                  │          │ +VWSJ89VFQ8YL4u7reXuOEtEkCYu19tvWYKT4PJ075yfWlSbx5QB+MuRvU63heKL │
│                                                                  │          │       KkyKR95EW95q4FV6kzfaySwbplAnA0Ga2s1LgKzHlwldAgMBAAE=       │
│                                                                  │          │                     -----END PUBLIC KEY-----                     │
└──────────────────────────────────────────────────────────────────┴──────────┴──────────────────────────────────────────────────────────────────┘

┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃                              Key ID                              ┃ Key Type ┃                            Public Key                            ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ ed44d89bb6ffd234a7b1a9e6c7a5ba60bf7d6543bea0e1ce9e0cb08e915cbabc │   rsa    │                    -----BEGIN PUBLIC KEY-----                    │
│                                                                  │          │ MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA27daeQx4jbdIpkFiP6uV │
│                                                                  │          │ 4N0FweDioqJQzX2JGsvuMwKgRyijsG37iBTogBfxyYwZMOnRszyJy9Ny760foGpR │
│                                                                  │          │ lsn597Jb7UxMgDKPYwlmQ8xWJ2T55BVh0k7s7dsfttO+8LCgkPgikRDHoySdi4JQ │
│                                                                  │          │ p7l5s57pG7yeYZFOAYcm36NrV1yUizHisl70KptCKokSu/RHYyBXos+8jVGu1rny │
│                                                                  │          │ Hz1ejBI7VXfs7e/BQbDTzwHSMOkLh7v8c50QDCoaUlLGq2pvYLRSSCNDM30F2R9O │
│                                                                  │          │ zmCTuzr1HLm5SmQdWT7b5/1Hva7qvaQVfN3yFu0fWK7dGLKehYWNoua7s8QV5q3b │
│                                                                  │          │ 7PdZwJfsQAulAxkdsVW+Jg7J9vbfwoNoY5tDtf+ZJuWnGFAXs7vUKI4hlubhy+4C │
│                                                                  │          │ mhLWwsu+9CgBsj/0/ffj8jWSxLVl82caMFuB7u2wmAtKumjEgWYAsWW8ydBHrCdG │
│                                                                  │          │       DhOg64NDFqQfSM6ky65/hfn6Nmv7CWW/zlmE8GN4qBUJAgMBAAE=       │
│                                                                  │          │                     -----END PUBLIC KEY-----                     │
└──────────────────────────────────────────────────────────────────┴──────────┴──────────────────────────────────────────────────────────────────┘

During rstuf admin ceremony, the ed44d89bb6ffd234a7b1a9e6c7a5ba60bf7d6543bea0e1ce9e0cb08e915cbabc key (named initial) was set as an online key and the 2a1a09b885a36853b0f8f87a9048633c366fcac7b78da089235e2dd68ecd6f54 key (named rootkey) as a root key, with the corresponding hashes and a path to the root key.

Configuring the root key failed with ❌ Failed: Key is duplicated.

Both were RSA. When I created a new ed25519 root key it worked well.

What steps did you take?

rstuf key generate and rstuf admin ceremony

Details are described above.

What behavior did you expect?

The root key should not have been considered duplicated.

Relevant log output

The Online Key                                           

The online key is the same one provided to the Repository Service for TUF Workers (RSTUF Worker).   
This key is responsible for signing the snapshot, timestamp, targets, and delegated targets (hash   
bin) roles.                                                                                         

The RSTUF Worker uses this key during the process of managing the metadata.                         

Note: It requires the public key information (key id/public hash) only.                             

Tip: "rstuf key info:" retrieves the public information                                             

🔑 Key 1/1 ONLINE

Select the ONLINE`s key type [ed25519/ecdsa/rsa] (ed25519): rsa
Enter ONLINE`s key id: 
Enter ONLINE`s key id: 
Enter ONLINE`s key id:  
Enter ONLINE`s key id: 
Enter ONLINE`s key id: 
Enter ONLINE`s key id: 
Enter ONLINE`s key id: ed44d89bb6ffd234a7b1a9e6c7a5ba60bf7d6543bea0e1ce9e0cb08e915cbabc
Enter ONLINE`s public key hash: 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
Give a name/tag to the key [Optional]: initial

Ready to start loading the root keys? [y/n]: y
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃                                      STEP 3: Load Root Keys                                      ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛


                                             Root Keys                                              

The keys must have a password, and the file must be accessible.                                     

Depending on the organization, each key has an owner, and each owner should insert their password   
personally.                                                                                         

Note: the ceremony process won't show any password or key content.                                  

🔑 Key 1/2 root

Select the root`s key type [ed25519/ecdsa/rsa] (ed25519): rsa
Enter the root`s private key path: /Users/iyovcheva/go/src/github.com/repository-service-tuf/repository-service-tuf-cli/root    
Enter the root`s private key password: 
[Optional] Give a name/tag to the key: rootkey
❌ Failed: Can't open /Users/iyovcheva/go/src/github.com/repository-service-tuf/repository-service-tufoot
✅ Key 1/2 Verified
❌ Failed: Key `keyid` is None.

🔑 Key 1/2 root

Select the root`s key type [ed25519/ecdsa/rsa] (ed25519): rsa
Enter the root`s private key path: /Users/iyovcheva/go/src/github.com/repository-service-tuf/repository-service-tuf-cli/root 
Enter the root`s private key password: 
[Optional] Give a name/tag to the key: rootkey
✅ Key 1/2 Verified

🔑 Key 2/2 root

Private or Public key
- private key requires the file path and password
- public info requires the a key id and key hash
  tip: `rstuf key info` retrieves the public information
Select to use private key or public info? [private/public] (public): 
Select the root`s key type [ed25519/ecdsa/rsa] (ed25519): rsa
Enter root`s key id: 2a1a09b885a36853b0f8f87a9048633c366fcac7b78da089235e2dd68ecd6f54
Enter root`s public key hash: 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
Give a name/tag to the key [Optional]: rootkey
❌ Failed: Key is duplicated.

Code of Conduct

  • I agree to follow this project's Code of Conduct