75

I have cloned this repo (https://github.com/docusign/code-examples-node) and believe I have entered all required keys and codes. But, when I try to authenticate with JWT I get this error:

    at Sign.sign (internal/crypto/sig.js:105:29)
    at Object.sign (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\jwa\index.js:152:45)
    at Object.jwsSign [as sign] (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\jws\lib\sign-stream.js:32:24)
    at Object.module.exports [as sign] (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\docusign-esign\node_modules\jsonwebtoken\sign.js:189:16)
    at generateAndSignJWTAssertion (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\docusign-esign\src\ApiClient.js:62:16)
    at exports.requestJWTUserToken (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\docusign-esign\src\ApiClient.js:890:19)
    at _DsJwtAuth._getToken [as getToken] (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\DSJwtAuth.js:85:33)
    at log (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\DSJwtAuth.js:174:33)
    at _DsJwtAuth.DsJwtAuth.login (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\DSJwtAuth.js:184:5)
    at commonControllers.login (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\commonControllers.js:36:16) {
  library: 'PEM routines',
  function: 'get_name',
  reason: 'no start line',
  code: 'ERR_OSSL_PEM_NO_START_LINE'
Jack

12 Answers

65

What this typically means is that the PEM file is missing the indicator that the key portion has begun.

PEM files are structured like this:

Initial Data to be processed

-----Begin <Type>-----

Key Information

-----End <Type>-----

The standard for these files can be found here: https://www.rfc-editor.org/rfc/rfc7468

Can you confirm if the -----Begin / End lines are present in the PEM file you're using? Please don't post the actual file here; if they are present in the PEM, we're going to want to have you open a support case with DocuSign so we keep any necessary private data for troubleshooting private.

Matt King DS
17

If using docker, I have some observations.

  1. Try to make .env values plain text. Not string literal.
  2. When getting the item to code, replace '\\n' with '\n'
Henshal B
16

If you indeed have a valid PEM structure as @Matt King DS suggested, but you still get this error, it is likely that the new lines are causing the error.

If you are using dotenv then from documentation:

Multiline values

If you need multiline variables, for example private keys, those are now supported (>= v15.0.0) with line breaks:

PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
...
Kh9NV...
...
-----END DSA PRIVATE KEY-----"

Alternatively, you can double quote strings and use the \n character:

PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nKh9NV...\n-----END DSA PRIVATE KEY-----"

AWS lambda

I also encountered this error in AWS Lambda. Here the above approach didn't work for me. I had to have the env variable in Lambda without double quotes, with \n instead of new lines, and in code I had to replace \\n by \n, like this:

process.env.MY_PRIVATE_KEY.replace(/\\n/g, '\n')
Pavol Hlavatý
14

You can validate your certificate here: https://www.sslchecker.com/certdecoder.

In my case, I pasted it wrongly and missed one dash:

- -----BEGIN CERTIFICATE-----
+ ----BEGIN CERTIFICATE-----

Please note the first five dashes are critical.

Caution

If you don't want to paste into an unknown site, you can try the following command instead, thanks to @Adrian Gonzalez:

openssl x509 -in <cert-name>.pem -noout -text
Jeff Tian
  • 7
    I am a bit concerned about using an unknown site to paste a sensitive private key into; there is no guarantee they won't abuse it. But please do correct me if I am wrong on this – Peter Koller Dec 22 '22 at 07:41
  • 1
    Yeah, do not use this; you can try this instead on your local machine to verify it's a valid certificate, it will output the same info as the website. 'openssl x509 -in .pem -noout -text' – Adrian Gonzalez May 08 '23 at 16:31
  • 1
    If it were a certificate, it wouldn't be sensitive, but the Q was about [nodejs.crypto.Sign.sign](https://nodejs.org/docs/latest-v18.x/api/crypto.html#signsignprivatekey-outputencoding) which takes a privatekey, and (@AdrianGonzales) `openssl x509` won't work on a privatekey, nor will that website (although some others will, like lapo.it/asn1js); `openssl pkey [-noout] [-text]` will, and there are other subcommands that work for _some_ keys but not all. – dave_thompson_085 Jun 08 '23 at 07:13
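The newline and marker problems described in the answers above, together with a local parse instead of pasting a key into a website, can be checked in one place. This is an added example, not code from any answer or from the DocuSign repository; the function names are hypothetical and the sample key is a throwaway generated at run time.

```javascript
const crypto = require('crypto');

// Env-style value -> PEM text: drop wrapping quotes, turn literal "\n"
// (backslash + n) and CR/CRLF into real newlines.
function normalizePem(raw) {
  let s = String(raw).trim();
  const q = s[0];
  if (s.length > 1 && (q === '"' || q === "'") && s.endsWith(q)) s = s.slice(1, -1);
  return s.replace(/\\r/g, '').replace(/\\n/g, '\n').replace(/\r\n?/g, '\n').trim() + '\n';
}

// Structural checks only; never logs or returns key material.
function diagnosePem(pem) {
  const problems = [];
  const label = {};
  for (const word of ['BEGIN', 'END']) {
    const m = pem.match(new RegExp(`^(-*)${word} ([A-Z0-9 ]+?)(-*)$`, 'm'));
    if (!m) { problems.push(`no ${word} line`); continue; }
    if (m[1].length !== 5 || m[3].length !== 5) problems.push(`${word} line needs five dashes on each side`);
    label[word] = m[2];
  }
  if (label.BEGIN && label.END && label.BEGIN !== label.END) problems.push('BEGIN/END labels differ');
  if (pem.includes('\\n')) problems.push('literal \\n sequences present');
  return problems;
}

// Normalize, check, then let OpenSSL parse the key locally.
function loadPrivateKey(raw) {
  const pem = normalizePem(raw);
  const problems = diagnosePem(pem);
  if (problems.length) throw new Error('PEM check failed: ' + problems.join('; '));
  return crypto.createPrivateKey(pem);
}

// Constructed sample: a throwaway key flattened to one quoted line with
// literal \n, the way it often ends up in a .env file or Lambda variable.
function sampleEnvValue() {
  const { privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  return '"' + privateKey.trim().replace(/\n/g, '\\n') + '"';
}

const raw = sampleEnvValue();
console.log('as stored :', diagnosePem(raw));
console.log('normalized:', loadPrivateKey(raw).asymmetricKeyType, 'private key parsed');
```

Passing the object returned by `loadPrivateKey` to the signing call makes a malformed value fail at startup with a specific message rather than inside the JWT library.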
3

If you have this problem with Angular CLI then ensure that your ssl key paths are valid.

Had the same problem when running:

ng serve --ssl true --ssl-cert ./ssl/server.crt --ssl-key ./ssl/server.key

and it turned out my paths were invalid.

ktsangop
2

I solved it by just running the following lines of code. This can be run anywhere in order to turn the normal \n into actual newlines '\n'

let jWtstring = 'your_JWT_string'
// replace() returns a new string, so keep the result
jWtstring = jWtstring.replace(/\\n/g, '\n')

After you get the newly line-entered JWT key, you can paste it to SSM or perform the next steps as you wish.

Lucas.Pheliny
1

Try to delete .nprm from -->

C:\Users{username}

then it will work fine

1
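const fs = require('fs')
const https = require('https')

// Port is an assumption for this example; use whatever your app listens on
const PORT = 8443

https.createServer(
    {
        // Pass the PEM file contents, not the file paths
        key: fs.readFileSync('key.pem'),
        cert: fs.readFileSync('cert.pem'),
    }
).listen(PORT, () => {
    console.log(`server is running on https://localhost:${PORT}`);
})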

You need to load the file key.pem with readFileSync, which belongs to the fs module, before assigning it to "key".

https.createServer: https://nodejs.org/api/https.html#httpscreateserveroptions-requestlistener
fs.readFileSync: https://nodejs.dev/en/learn/reading-files-with-nodejs/

0

For Angular version 14.2.8, use the following command.

ng serve --ssl "Your_project_name" --ssl-key "path_of_key" --ssl-cert "path_of_your_certificate"

Example: if your key and certificate are on the same drive, C://your_key or C://your_certificate

sagar potdar
0

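You have to use

const NodeRSA = require('node-rsa');

// RS256 requires an RSA key of at least 2048 bits (RFC 7518, section 3.3)
const key = new NodeRSA({ b: 2048 });
let keypair = {
    private: key.exportKey(),
    public: key.exportKey("public")
};

this private key at the time of signing the token with RSA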

-1

If you are just using it as a sandbox project, you can use: (without private key)

var jwt = require('jsonwebtoken');
var token = jwt.sign({ foo: 'bar' }, 'shhhhh');

If not as a sandbox, you have to generate a privateKey.

You can see it in the jsonwebtoken docs: https://www.npmjs.com/package/jsonwebtoken

aris
-1

I have exactly the same issue on my M1 Mac Pro.

Solved my problem by:

  1. Search for your .npmrc file and delete it:
     sudo find ~ -type f -name '*npmrc'
     rm -rf /Users/<user>/.npmrc
  2. Do some classics like:
     npm cache verify
     npm cache clear --force
  3. Finally, use npm install
livia-s