
I have done research into this error and it seems as though so far nothing is working for me. I am using Node.js and the crypto library. My private key is stored in a dotenv file like below:

.env file

PRIVATE_KEY = -----BEGIN RSA PRIVATE KEY-----
ezfvDUlrPehGYvlmQq3ReTk8EiO8N0RDvsJqerZJ91Lb6UBGlOyuv/SaxDxwxx/g
....more lines...
5SRwCCIaByIwAw0HkQx+XnBqW8II2TgTb9MMBQht/Cu5WZKFroagGQO5cgyilQg4
-----END RSA PRIVATE KEY-----

index.ts

import { createSign } from 'crypto';

const WM_KEY_PRIVATE = process.env.WM_KEY_PRIVATE;

// Sign the canonical header payload with the RSA private key.
function createSignature(reqHeaders: SecurityHeaders) {
    const signer = createSign('RSA-SHA256');
    const payload = generateSignatureMap(reqHeaders);
    console.log("payload:", payload);
    signer.update(payload);
    signer.end();
    return signer.sign(WM_KEY_PRIVATE, 'base64');
}

// Build the payload: header values ordered by sorted key, one per line.
function generateSignatureMap(reqHeaders: SecurityHeaders) {
    let keys: string[] = Object.keys(reqHeaders).sort();
    let vals: string[] = [];

    for (let k of keys) {
        vals.push(reqHeaders[k].toString().trim());
    }
    return vals.join('\n') + '\n';
    // let keys = reqHeaders.toString()
    // return keys
}

Can anyone point me in the right direction to get rid of this error? Should I not use .env to store the key? I have read where keys in this format are difficult to load from .env files, but I have not come across a real solid solution for this. I have tried making it all one line too. Any help in understanding this will be appreciated. Thank you.

KJF
  • Use doublequotes and backslash-n (on one line); dupe https://stackoverflow.com/questions/48284126/node-multiline-process-env-with-and-without-dotenv . https://github.com/motdotla/dotenv/pull/486 indicates that a syntax more like you want, and in ruby, is coming perhaps soon. – dave_thompson_085 Aug 28 '21 at 02:29
  • Thank you @dave_thompson_085. I did try your solution and I have seen it work for other people. For some reason, it did not work for me. Instead I had to "npm install fs" (backend is Node.js) and use that library to read the PEM file with the private key. Thank you for taking the time to answer. – KJF Sep 02 '21 at 00:52

1 Answer


I was having the same error -- error:0909006C:PEM routines:get_name:no start line -- using libcrypto (OpenSSL) in C. So a different environment but perhaps this could be useful for someone else.

In my case I had the certificate in a string and conversion to an X509 type always failed. But it worked when the certificate was read from file.

The problem was the lack of \n as @dave_thompson_085 suggested in a comment to the OP's question.

Doesn't work: no \n

static const char *C1 = "-----BEGIN CERTIFICATE-----"
"MIIEoTCCAwmgAwIBAgIJANEHdl0yo7CWMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV"
(...)
"tQAVo+yVgLgV2Hws73Fc0o3wC78qPEA+v2aRs/Be3ZFDgDyghc/1fgU+7C+P6kbq"
"d4poyb6IW8KCJbxfMJvkordNOgOUUxndPHEi/tb/U7uLjLOgPA=="
"-----END CERTIFICATE-----";

Fixed version

static const char *C1 = "-----BEGIN CERTIFICATE-----\n"
"MIIEoTCCAwmgAwIBAgIJANEHdl0yo7CWMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV\n"
(...)
"tQAVo+yVgLgV2Hws73Fc0o3wC78qPEA+v2aRs/Be3ZFDgDyghc/1fgU+7C+P6kbq\n"
"d4poyb6IW8KCJbxfMJvkordNOgOUUxndPHEi/tb/U7uLjLOgPA==\n"
"-----END CERTIFICATE-----\n";

Note the \n at the end of each line.

Daniel
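
As an added example (not code from the question or the answer), here is one way to normalise a PEM value in Node.js before passing it to crypto, covering both the escaped one-line form from the comment and the newline-stripped form from the answer. The names normalizePem, loadPrivateKey, parses and demo are hypothetical, the key is a throwaway generated at run time, and only unencrypted PEM is assumed.

```javascript
// Added example; function names are hypothetical, sample key is constructed.
const crypto = require('node:crypto');

// Rebuild a well-formed PEM from a value whose line breaks were mangled:
// stored as literal "\n" on one line, or stripped out entirely.
// Assumes an unencrypted PEM (no Proc-Type/DEK-Info header lines).
function normalizePem(raw) {
  const text = String(raw).trim()
    .replace(/^"|"$/g, '')   // surrounding quotes left in the value
    .replace(/\\n/g, '\n')   // literal backslash-n -> real newline
    .replace(/\r/g, '');
  const m = text.match(/-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/);
  if (!m) throw new Error('PEM BEGIN/END markers not found');
  const body = m[2].replace(/\s+/g, '');
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(body)) throw new Error('PEM body is not base64');
  const wrapped = body.match(/.{1,64}/g).join('\n'); // 64-char base64 lines
  return `-----BEGIN ${m[1]}-----\n${wrapped}\n-----END ${m[1]}-----\n`;
}

// Fail at startup with a clear error instead of at the first sign() call.
function loadPrivateKey(raw) {
  return crypto.createPrivateKey(normalizePem(raw));
}

function parses(pem) {
  try { crypto.createPrivateKey(pem); return true; } catch { return false; }
}

function demo() {
  // Constructed sample: throwaway RSA key in the same PEM type as the question.
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const pem = privateKey.export({ type: 'pkcs1', format: 'pem' });
  const escaped = pem.trim().replace(/\n/g, '\\n'); // one line, literal \n
  const flattened = pem.replace(/\n/g, '');         // newlines lost
  const payload = 'constructed-value-1\nconstructed-value-2\n';
  const sig = crypto.createSign('RSA-SHA256').update(payload)
    .sign(loadPrivateKey(escaped), 'base64');
  return {
    escapedRaw: parses(escaped),       // unnormalised one-line value
    flattenedRaw: parses(flattened),   // unnormalised, no newlines
    flattenedFixed: parses(normalizePem(flattened)),
    verified: crypto.createVerify('RSA-SHA256').update(payload)
      .verify(publicKey, sig, 'base64'),
  };
}
```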