unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY #151

Open
soubinan opened this issue Dec 3, 2023 · 0 comments
Labels
bug Something isn't working

soubinan commented Dec 3, 2023

Description
Hello,
It is my first use of cosign. I tried to check whether this issue had already been reported, but found nothing. And the error message does not really help to understand what the cause could be.

The error says:
getting signer: reading key: unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY

No idea about the potential reason for this issue. I regenerated the keypair at least three times.
I also tried without a key password, since the message seems to be about the key decryption part, but the issue remains.

Version

3.2.0

My current workflow

https://github.com/soubinan/xoa-container/blob/main/.github/workflows/build.yml

name: Container Image Build and Sign

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
  release:
    types: [published]

env:
  IMAGE_NAME: soubinan/xoa-container
  TEST_TAG: soubinan/xoa-container:test
  PROJECT_URL: https://github.com/soubinan/xoa-container
  AUTHOR: https://github.com/soubinan

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Get xo-server version
        id: xo-server
        run: |
          echo "XO_SERVER="$(curl -s https://raw.githubusercontent.com/vatesfr/xen-orchestra/master/packages/xo-server/package.json | jq -r ".version") >> $GITHUB_ENV
      - name: Get xo-web version
        id: xo-web
        run: |
          echo "XO_WEB="$(curl -s https://raw.githubusercontent.com/vatesfr/xen-orchestra/master/packages/xo-web/package.json | jq -r ".version") >> $GITHUB_ENV
      - name: Checkout
        uses: actions/[email protected]
      - name: Docker meta
        id: meta
        uses: docker/[email protected]
        with:
          images: |
            ghcr.io/${{ env.IMAGE_NAME }}
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=raw,latest
          labels: |
            org.opencontainers.image.source=${{ env.PROJECT_URL }}
            org.opencontainers.image.url=${{ env.PROJECT_URL }}
            org.opencontainers.image.title=XOA-Container
            org.opencontainers.image.documentation=${{ env.PROJECT_URL }}
            org.opencontainers.image.authors=${{ env.AUTHOR }}
            org.opencontainers.image.licenses=CC-BY-NC
      - name: Install cosign
        if: github.event_name == 'release'
        uses: sigstore/[email protected]
        with:
          cosign-release: main
      - name: Set up Docker Buildx
        uses: docker/[email protected]
      - name: Login to Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GHP }}
        if: github.event_name == 'release'
      - name: Build and push
        id: build-and-push
        uses: docker/[email protected]
        with:
          context: "."
          file: "./Containerfile"
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          build-args: |
            XOWEB=$XO_WEB
            XOSERVER=$XO_SERVER
          push: ${{ github.event_name == 'release' }}
      - name: Sign the published container images
        if: github.event_name == 'release'
        run: |
          cosign sign --yes --key env://COSIGN_PRIVATE_KEY "${TAGS}@${DIGEST}"
        env:
          TAGS: ${{ steps.meta.outputs.tags }}
          DIGEST: ${{ steps.build-and-push.outputs.digest }}
          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
@soubinan soubinan added the bug Something isn't working label Dec 3, 2023
@soubinan soubinan changed the title Error when trying to sign saying: getting signer: reading key: decrypt: encrypted: unexpected kdf parameters Error when trying to sign saying: unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY Dec 3, 2023
@soubinan soubinan changed the title Error when trying to sign saying: unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY unsupported pem type: ENCRYPTED SIGSTORE PRIVATE KEY Dec 3, 2023
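
The error reported above is raised while the key is being read, before anything is signed, so a useful pre-sign check is to confirm which PEM type the secret actually carries and that it reached the job with its line breaks intact. The script below is an added example, not code from the issue or from the cosign project; the function names `pem_label` and `key_type_accepted` are hypothetical, the sample key is constructed, and the list of labels the installed cosign build accepts is an assumption the caller supplies.

```shell
#!/bin/sh
# Added diagnostic (not from the issue or the cosign project): report the PEM
# type of a private key read from stdin without printing any key material.
# Workflow use:  printf '%s\n' "$COSIGN_PRIVATE_KEY" | pem_label

warn() { printf '%s\n' "$*" >&2; }

# Print the label of the first PEM block on stdin; exit 1 if it is malformed.
pem_label() (
  key="$(tr -d '\r')"                       # drop CRs so CRLF input still parses
  [ -n "$key" ] || { warn "key is empty"; exit 1; }
  case "$key" in                            # secret pasted as one line with "\n" text
    *'\n'*) warn 'key contains literal \n sequences instead of line breaks'; exit 1 ;;
  esac
  begin="$(printf '%s\n' "$key" |
    sed -n '/^-----BEGIN [A-Z0-9 ][A-Z0-9 ]*-----$/{p;q;}')"
  [ -n "$begin" ] || { warn "no PEM BEGIN line found"; exit 1; }
  label="${begin#-----BEGIN }"
  label="${label%-----}"
  printf '%s\n' "$key" | grep -qxF -e "-----END ${label}-----" ||
    { warn "no END line matching '${label}'"; exit 1; }
  printf '%s\n' "$label"
)

# Succeed only if the key on stdin has one of the labels passed as arguments.
# Which labels a given cosign build accepts is for the caller to supply.
key_type_accepted() (
  label="$(pem_label)" || exit 1
  for want in "$@"; do
    [ "$label" = "$want" ] && exit 0
  done
  warn "key has PEM type '${label}'; accepted here: $*"
  exit 1
)

# Constructed sample: the body is placeholder base64, not a real key.
SAMPLE_KEY='-----BEGIN ENCRYPTED SIGSTORE PRIVATE KEY-----
Y29uc3RydWN0ZWQ=
-----END ENCRYPTED SIGSTORE PRIVATE KEY-----'

printf '%s\n' "$SAMPLE_KEY" | pem_label
```

Run as a step before `cosign sign`, alongside `cosign version`, this shows in the job log whether the key type and the cosign build in the runner match, without exposing the secret.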