2

I've got some certificate files, namely a .key file which says:

-----BEGIN RSA PRIVATE KEY-----
IEpAIBAAKCAQEAwAwxt4edIh3UuK8r5
....blablabla..................
QSNoquaasdsaKDybrezemVqCxsQjg==
-----END RSA PRIVATE KEY-----

So it's an RSA Private Key.

I used to load them from files like so:

@private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file))

But since I am using Heroku, I intend to have my certificates saved as their values in environment variables.

So I've pasted them in my .env file

COMPANY_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKC.....\n-----END RSA PRIVATE KEY-----"

Yeah, I switched the \n for explicit \\n based on Multi-line config variables in Heroku. So now my code looks like this:

@private_key = OpenSSL::PKey::RSA.new(ENV['COMPANY_KEY'])

And if I run it from the console I get the object built. But if I try to run it from the web server (Puma 3.4.0 over Rails 4.2.6, Ruby 2.2.3) it fails miserably saying: Neither PUB key nor PRIV key:: nested asn1 error when trying to run that same line.

If I use the debug console I get that the read file looks like "Line 1\\nLine3\\nLinea3" and so on...

I'm pretty sure that it has something to do with the file format, but I'm all out of ideas and maybe you could help if you had a problem like mine.

Lomefin
  • Please create a test private key, and then post it. While you're doing so, take a look at [How to generate RSA private key using openssl?](http://stackoverflow.com/a/30493975/608639). Notice the difference between a ***public key*** and ***subject public key info*** with respect to the pre-encapsulation header (***`-----BEGIN RSA PUBLIC KEY-----`*** versus ***`-----BEGIN PUBLIC KEY-----`***). The same holds for private keys. – jww Jul 01 '16 at 01:07

3 Answers

11

I finally found a way to do it... mixing it all up!

So the file, for example company.key looks like

-----BEGIN RSA PRIVATE KEY-----
Mumbojumbomummbojumbo
-----END RSA PRIVATE KEY-----

So I switched it to a one-liner, making explicit \n in the string (so it's a real \n)

COMPANY_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEA+ztKEj\n-----END RSA PRIVATE KEY-----\n"

Don't forget the last \n in the file.

Now, the last part, in the place where I used to do

@private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file))

Now I do

@private_key = OpenSSL::PKey::RSA.new(ENV['COMPANY_KEY'].gsub("\\n", "\n"))

And now it works like a charm! No public certificates, every piece of info in environment variables.

Lomefin
  • Yes, thanks! Adding the `.gsub("\\n", "\n")` was the piece I needed to add. (btw, you should accept your answer as the correct one) – skplunkerin Jul 19 '18 at 17:56
4

Save yourself some trouble and store only the certificate or key body in the environment variable. No need to put in newline characters.

SECRET = <<-SECRET
-----BEGIN PRIVATE KEY-----
#{ENV['SECRET_KEY']}
-----END PRIVATE KEY-----
SECRET

CERTIFICATE = <<-CERT
-----BEGIN CERTIFICATE-----
#{ENV['CERT']}
-----END CERTIFICATE-----
CERT
pyRabbit
  • Yes, this works, but this method assumes the ENV exists. I was asking how to save the value into the environment in the first place. – Lomefin Dec 02 '21 at 05:47
0

> I switched the \n for explicits \\n based on Multi-line config variables in Heroku.
>
> ... If I use the debug console I get that the read file looks like "Line 1\\nLine3\\nLinea3" ...

Your problem should be here. The post you are linking is not suggesting to double escape your new lines, it is suggesting to wrap your multi-line text into "double quotes". In bash, it would allow to enter multi-line text at the terminal. The post also suggests to do it in a much easier way:

heroku config:add MASISA_KEY="$(cat your_private_key.pem)"
Uzbekjon
  • Maybe that could help me while uploading the key to Heroku, but I am trying to test my code on my development machine. So what I need is to try out that the certificate is correctly loaded in my .env file. – Lomefin Jul 03 '16 at 21:32
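
The three storage styles from the answers above (real newlines, a one-line value with literal `\n`, and body only) handled by one loader, plus an over-escaped value that is rejected without echoing key text. This is an added example, not code from any of the posters; `load_rsa_key_from_env`, `sample_env` and the variable names are hypothetical, and the key is a throwaway generated in-process.

```ruby
require "openssl"

# Hypothetical helper (not from the answers above): load an RSA private key
# from an environment variable whichever way the value was stored.
def load_rsa_key_from_env(name, env = ENV)
  raw = env[name].to_s.strip
  raise KeyError, "#{name} is not set" if raw.empty?

  # A .env parser may leave backslash + "n" in the value (the
  # "Line 1\\nLine 2" seen in the debugger); make those real newlines.
  pem = raw.gsub("\\n", "\n")

  # Body-only value: no armor, so decode the base64 and pass DER, which
  # avoids guessing between "RSA PRIVATE KEY" and "PRIVATE KEY" headers.
  input = pem.include?("-----BEGIN") ? pem + "\n" : pem.unpack1("m")

  key = OpenSSL::PKey::RSA.new(input)
  raise ArgumentError, "#{name} holds a public key only" unless key.private?
  key
rescue OpenSSL::PKey::PKeyError => e
  # Name the variable and OpenSSL's reason; never echo the key material.
  raise ArgumentError, "#{name} is not a parseable RSA key (#{e.message})"
end

# Constructed sample input: a throwaway key generated in-process, stored in
# the three styles discussed on this page plus an over-escaped failure case.
def sample_env
  pem  = OpenSSL::PKey::RSA.new(2048).to_pem
  body = pem.lines.reject { |l| l.start_with?("-----") }.join.delete("\n")
  {
    "REAL_NEWLINES"  => pem,                           # heroku config:add "$(cat ...)"
    "ESCAPED"        => pem.gsub("\n") { "\\n" },      # one-line .env value
    "BODY_ONLY"      => body,                          # base64 body without armor
    "DOUBLE_ESCAPED" => pem.gsub("\n") { "\\\\n" },    # over-escaped value
  }
end

if __FILE__ == $PROGRAM_NAME
  env = sample_env
  env.each_key do |name|
    begin
      puts "#{name}: ok, #{load_rsa_key_from_env(name, env).n.num_bits} bits"
    rescue ArgumentError => e
      puts "#{name}: rejected (#{e.message})"
    end
  end
end
```

Calling the loader once at boot, for example from an initializer, makes a malformed value fail at startup in both the console and the web server instead of on the first request that needs the key.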