Failure with key generation on gcp
Opened this issue · 7 comments
Hello
I am trying to use your code with a pycom device running micropython and GCP IoTCore. During the create registry step the pem file generated using the instructions in the guide failed to work. Each time GCP said the pem file was invalid. I tried to manually copy as well as upload and the message was the same. I also tried to generate and upload the key referenced by the gcp help page and it failed.
Here are the methods which failed to work and the source for the given method.
Source: https://github.com/GoogleCloudPlatform/iot-core-micropython
openssl genrsa -out rsa_private.pem 2048
openssl rsa -in rsa_private.pem -pubout -out rsa_pub.pem
Source: https://cloud.google.com/iot/docs/how-tos/credentials/keys
openssl genpkey -algorithm RSA -out rsa_private.pem -pkeyopt rsa_keygen_bits:2048
openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem
This method worked for creating the key in IoTCore upload CA certificate for the Registry using the self-signed CA certificates method.
openssl genpkey -algorithm RSA -out ca_private.pem -pkeyopt rsa_keygen_bits:2048
openssl req -x509 -new -nodes -key ca_private.pem -sha256 -out ca_cert.pem -subj "/CN=unused"
I'm not sure if the code will work at this point. I'm just trying to get the registry created with keys.
HMM. The private key file does not have the marker -----BEGIN RSA PRIVATE KEY-----. If you manually add the RSA text to the marker, it fails later with this stack trace:
(env) davis@twenty:~/progs/notmine/iot-core-micropython$ python utils/decode_rsa.py >> config.py
Traceback (most recent call last):
  File "utils/decode_rsa.py", line 17, in <module>
    pk = rsa.PrivateKey.load_pkcs1(private_key)
  File "/home/davis/progs/notmine/iot-core-micropython/env/local/lib/python2.7/site-packages/rsa/key.py", line 118, in load_pkcs1
    return method(keyfile)
  File "/home/davis/progs/notmine/iot-core-micropython/env/local/lib/python2.7/site-packages/rsa/key.py", line 560, in _load_pkcs1_pem
    return cls._load_pkcs1_der(der)
  File "/home/davis/progs/notmine/iot-core-micropython/env/local/lib/python2.7/site-packages/rsa/key.py", line 494, in _load_pkcs1_der
    as_ints = map(int, priv[1:6])
TypeError: int() argument must be a string or a number, not 'Sequence'
I'm still playing with this.
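Added example, not part of the thread or the project's code: a standard-library check that classifies a private-key PEM by its DER field layout rather than its marker, showing why a PKCS#8 body relabelled as `RSA PRIVATE KEY` gives a PKCS#1 parser a Sequence where it expects an integer, as in the traceback above. The function names and the toy DER bytes are constructed for illustration (the bytes are not usable keys), and the code assumes Python 3.

```python
import base64
import re
PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
LABEL_LAYOUT = {"RSA PRIVATE KEY": "PKCS#1", "PRIVATE KEY": "PKCS#8"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def der_layout(der):
    """Classify a private key by its ASN.1 fields, ignoring the PEM marker."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:  # both layouts start with an outer SEQUENCE
        return "unknown"
    tag, _, end = read_tlv(der, start)
    if tag != 0x02:  # first field is the version INTEGER in both
        return "unknown"
    tag, _, _ = read_tlv(der, end)
    # PKCS#1 continues with INTEGER n; PKCS#8 with the AlgorithmIdentifier SEQUENCE
    return {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(tag, "unknown")

def check_pem(text):
    """Return (marker label, actual layout, whether the marker matches it)."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM block found")
    label = m.group(1)
    actual = der_layout(base64.b64decode("".join(m.group(2).split())))
    return label, actual, LABEL_LAYOUT.get(label) == actual

def to_pem(label, der):
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed toy DER (not usable keys): only the field layout matters here.
TOY_PKCS1 = bytes.fromhex("3006020100020133")  # SEQ { INT 0, INT 0x33 }
ALG_RSA = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption, NULL
TOY_PKCS8 = (bytes([0x30, 3 + len(ALG_RSA) + 2 + len(TOY_PKCS1)]) + b"\x02\x01\x00"
             + ALG_RSA + bytes([0x04, len(TOY_PKCS1)]) + TOY_PKCS1)

if __name__ == "__main__":
    relabelled = to_pem("RSA PRIVATE KEY", TOY_PKCS8)  # hand-edited marker
    print(check_pem(relabelled))
```

Running `check_pem` on the text of a real `rsa_private.pem` reports which layout the file actually contains before it is passed to a loader that accepts only one of them.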
This method allows a key to be uploaded to GCP and also allows execution of the decode_rsa.py script.
openssl genrsa -out rsa_private.pem 2048
openssl req -x509 -new -nodes -key rsa_private.pem -sha256 -out ca_cert.pem -subj "/CN=unused"
python utils/decode_rsa.py >> config.py
@ferrarimarco I gave up trying to use this code as is when I found that the version of micropython had a port of this repo. Sadly their method for creating and uploading a key fails with the same error. Their method appears to use the google root cert. Here is the issue I filed there and the more detailed method of how I used google console to add the key.
@ferrarimarco I finally got the pycom version of this code to work. It seems my problem was with the point at which I added the key. I was trying to add the key to the registry and not the device. I can generate a pull request on the docs similar to what I did for pycom if you wish. I updated the readme.md there and uploaded three screenshots of the google cloud platform settings. Here is the pull request for their code. pycom/pycom-libraries#119
Thanks! That would be helpful :)
ok. will do. I have some other tasks I need to complete before I can redo this using the original source rather than the pycom port.
This post helped me to solve the problem
instead of:
openssl genrsa -out rsa_private.pem 2048
use:
openssl rsa -out rsa_private.pem 2048
For my use, I had done:
openssl rsa -in rsa_private.pem -out rsa_private.pem