DFFML Rolling Alice: Engineering Logs: Volume 0: Architecting Alice, 11 May 2022

Previous Meeting Next Meeting

⏯

youtube image

►

From YouTube: Architecting Alice: Volume 0: Context: Part 23: The Battle of ED25519 SSH PEM Formatting!

Description

https://github.com/intel/dffml/discussions/1369#discussioncomment-2718464

A

B

A

So let's go ahead and forge our or let's go ahead and issue a did key. So let's go take a look at the tv decks right. So what's our general flow here so we're going to be.

A

You know generic.

A

Flow um or, let's say default default flow with, where our default flow, when saving to peer or generic flow errick flow outline.

A

When saving to peer did for caching format, all right so remember, why are we doing all this? We just want to save we? Just all we want to do is save and load data flows right from disk. um What's the side effect, if we save them and load in in this format from disk also becomes something that we can pass around and create some distributed execution with. um So.

A

Our generic flow okay.

A

If, okay, so, if or let's say, um dd entity.

A

Okay, so um if group, if organization uh create, add great ephemeral entity for this execution or let's see if organization, okay, so basically entity for top level system context, okay, so we kick off top level system context. Something starts so our first call basically right because remember this is like a calling convention. So we call in to the open architecture uh we need to know who is running the top level system context right. So, in the event that multiple parties are involved in execution of the top level system context.

A

Equally right, so, basically, everybody is equal in some org and you're all running this thing as an org, so maybe you're doing like a key signing ceremony right. um uh An entity in ad hoc ad hawk organization will be formed if it's not already being referenced, uh let's actually say so. This is. I started with the most complex case, okay, so um so the entity for that org will be used.

A

Okay, so, uh basically you know we may already have an entity so use existing so entity for top level system context use uh uh load via overlay, given on call okay. So this could be like you know, uh dfml.run the cli http um startup.

A

um Actually, that's going to be the cli as well, if or different run cli, okay, yeah, so uh hp, api execution.

A

I think of new request creates new top level system context because we are going to be running.

A

Some subflow some flow to respond to an event.

C

A

Load via overlay, given on call okay, so um okay. So what is this saying so basically we're saying that we need an entity, so generic flow outline when saving we're saving to put or generic flow outline? Okay. So um this is gonna, be generic right and then we're to tie this to pure d ids, all right so.

A

We have a top level.

A

We'll call this calling convention.

A

Open architecture calling convention, okay, so entity for top level system context, okay, so load via overlay, given on call basically right, so so every top level every every call. So in this case.

A

In this case, um uh top level system context means the first call into the open architecture.

A

um Subsequent fall calls once within the callee that becomes the new uh top level system context in relation uh that becomes the new top-level system context. The original becomes referred to as the parent system context.

A

A

All right, because, okay, so this is contradictory- a bit with.

A

I want something to call it that.

A

A

Once within the callee, the caller.

A

Is referred to as the parent system context all right, so the colleague should only.

A

Be referred to.

A

As the system context, unless we are talking about it uh in the process of or talking about it in relation to it,.

A

Being a caller itself of a subcontext.

D

C

A

uh If it begins the calling or if it does, if it begins, setting up a collee via forming of a manifest, we will start referring to.

A

As the top level system context, all right so just to be clear right so basically.

A

All right so open architecture, calling convention in the case in this case.

A

Let's just say top level system context means the first call into the open architecture.

A

Once within the callee, the caller is referred to as the parent system context as well as well. Okay, the parent system context, the colony- should only be referred to as the parent as the system context. Unless we are talking about it in relation to the caller itself being a subcontext, it launches or manages it if it begins setting up a colleague via formula mantis, we will start referring to it as the as a parent system context within the context of its relationship to its new potential child.

A

A strategic plan.

A

Okay, so strategic plan, which suggests a system context.

A

Will be in the parent will be.

A

A parent system context in the provenance data of the are we recording.

A

Okay in the conte, it will be apparent system context in the prominent state of the uh system, context which chooses to run that suggested context. The running context will be the callee.

A

However, the context that does pick up.

A

D

A

Okay, um okay, so.

A

uh A okay so yeah, so you can have a context, can have multiple parents one. Only one of them can be a.

A

A

B

A

A

Okay, so we have stage right now so stage execute stage cleanup so yeah, so maybe we'll just reuse stage, because operations already have this notion of stage.

A

Okay, so entity for top level system context load via overlay, given on call okay in the event that multiple parties are involved, ad hoc org will be formed uh and two before that ordinary flown um we'll say you know, entity for topsail system context uh is a did key.

A

Okay, so uh we'll just create a new did key. If we don't have one already so we're gonna do all this in memory at first um and then we'll back it to disk via dataflow or you know, via you know, some remote database or whatever we'll figure it out um so um okay entity for top level system context is the id key okay. So.

A

Let's see so in the input network, basically we're going to write. You know this dataflows class and then we're going to write input networks using dataflows class, which are just operations which basically just sit there and listen for you know incoming dids and then, when they get them, they'll add them as inputs. You know: they'll grab the off chain data. However, they need to grab the off change data and they'll, convert them to inputs right um so uh yeah. um Maybe we could use.

A

uh Let's see we can use these for encoding operations manifest okay, so.

A

Yeah, because we're going to use the manifest to encode the data as well. That's static data, we'll just run it and it'll return us the static data, so everything will be a manifest okay.

A

Operations, I can also just have flows and added to chain which returns static, data. Okay, so we're going to add a layer of indirection there right now and then we're going to optimize later we're going to take it away. So um so, let's see dt manifest.

B

uh We'll make another you: should we have uh the id.

A

For static data, primitives, uh yeah, so and, and so remember, this is the purely ids are almost more of a messaging thing than actual. You know like what what you know, people have been thinking of with consensus, maintained, blockchains right, um so this is really just our our cryptographically linked list here.

A

A

Consider if I sign check 45 and give it to someone who then caches it, the money will come out of my account and I'll get a receipt. That person tries to cash the check again, no problem, so we can see okay, we don't have time for this. um Okay, we're just gonna, create some keys. Okay, so.

A

I want to do this on that box.

D

A

Yeah I want to do this on this.

A

A

Oh, we gotta go hit f1 eventually.

A

North streaming.

B

A

A start job is running for dhcpd.

A

Reach target login prompts start a good tty and.

B

A

Very exciting, very exciting: okay, we gotta learn how to we gotta learn how to make some keys. We're gonna have to go use our good old, friendly, json web key, wonderful, okay, splendid here we are.

A

Json web key: okay: let's jump back into this and we're gonna we're gonna, try to decipher this json web key stuff. Okay,.

A

Gg really is that when I named this.

C

ah I love it, I love it. I love it. I love it.

B

A

We don't have git on this system. I clearly never set this thing up. If we don't have git on this. ah Oh, oh everything is gonna, be beautiful. This is gonna, be so great. Oh, my god. This is gonna, be so great. Okay,.

A

Okay, that's right! No! This is working.

C

A

Alright sonic stalker run.

A

B

A

So copy the contents to the mount directory.

A

Change directory.

C

Okay, we're just gonna try this.

C

A

I want to do this from the server running on the chain. Damn it.

A

All right, good, old systemd and spawn dude. Where do you try this? We might have already tried this.

C

B

B

Vert tv path.

A

Failed to initialize aplm library.

A

Pac-Man tv.

A

A

A

um Fail to initialize.

A

Actually goes all right.

B

B

Somebody says: go see this. This says.

A

A

Maybe we just need a pull.

A

Now we're running the latest version.

A

That's why you.

A

Okay, so there's something wrong with the permissions on this thing, with the containers.

A

This looks good to me.

A

No confirm no progress, but what is this.

A

It's corrupted.

A

What was that key stuff? We did.

A

I remember we did some key stuff. Okay, so.

C

A

A

Pac-Man key refresh keys or maybe no confirm sy, so you um arch linux, key ring.

A

Let's try just okay invalid crypto engine gpg me.

A

Wow, this is a wow. What the.

B

A

A

Where's step four.

A

B

C

A

Okay, so let's try this keyring.

A

Full system of good.

A

Why are they in mount.

A

I think word mount too.

A

Okay, same errors, looking.

A

Why is this happening? All we're doing is pulling the latest arch linux.

A

A

Okay december, that's not that long ago.

A

May and december must be when they did this image when they rolled this image.

A

All right, this is helpless. Fine, it doesn't matter. It's all just bits. um Wait a minute.

A

All right, it's all just bits: okay,.

A

Okay, so we need to understand how do we create these json web keys.

A

Then we have some code for that in here somewhere.

A

Here's where we were spinning up ssi service.

B

A

A

I wonder I think you can create a. I wonder. I think you can probably create a ram disk switch route to the ram desk and then reinstall the system, but we don't have time for that. So.

A

Encryption keys: okay: let's try to figure out how to make a id key with the purity id library.

A

Now mal goes zero. I think that's what we're looking for. So I think that's just a key, so assigning keys one okay.

A

Let's take a look here just to confirm yeah, so d, id yeah, so pure zero means that this is a did key right. So we could replace this portion and then all of a sudden we'd have a did key okay. So we want to figure out how to use verification, material value, assigning keys, verification, material, okay, verification, material authentication, okay, agreement.

A

So where is this coming from.

A

Okay, validate okay generates pure id zero I'll go around stadia doc for this type.

B

B

A

How do we sign this stuff.

A

Maybe the did com library has more insights into that. I think yeah. Okay, here we go yeah, that's right: verification, material, okay format, jwk, okay, ddid example.

A

Okay secrets: resolver, there's all alice's keys and what are we looking at here? Okay, so these are.

B

A

A

Keys, okay, so all right we're at 933, okay, so ed25519 what else we got x25519?

A

um Okay! So let's go through these okay, so we have quite a few key agreements that we can use. So let's go pop open a another window here, oops.

A

And let's go um where's alice secret, okay secret references; okay! So, let's go over to um maybe let's see so uh open ssh.

A

A

Okay, what kind of okay here we go: ed25519, okay, so ed25519.

B

A

Okay, let's see look we're looking at our list here, so I think let's go, I didn't realize this was going to be this. This nice. This is clean, so ed25519, I think, will just give us a clean cut over there.

A

D

A

Okay, he's happy now he's upstairs by himself. um Let's see.

A

Okay, so let's yeah, let's, um I wonder, uh find principles check no validate sign verify. I think if we do this, this is going to allow us to so so. Github exposes everybody's public keys, which is great they're public. So that means we can chain right off that which is going to be sweet. If we can use these so.

A

Let's specify for key format.

A

Okay, so let's check out our json web key library, let's see.

A

Export import key set imports in rfc.

A

75 17, okay, so.

A

Json webkey set okay from pam json web key export to fra pam from pam. Okay creates a pkcs 11 formatted data loaded from a pem file, import from pam imports, key from a data loader from a pem file. Oh my god! This is gonna, be so cool. Okay. um If we can do this, it's gonna be awesome. Okay, so let's do ssh keygen or, let's see.

B

A

Okay, ssh keygen.

A

With tempter temporary.

A

As tempter temp file so with temp file, temporary directory as tempter import, temp file- okay, so we are just going to say, uh create.

A

A

In pam format, okay, so um to do make this an operation which could be added to flow, perhaps generate.

A

Key within jwk lib.

A

Eventually, support rating.

A

B

B

A

A

A

So ssh keygen and what did it tell us.

B

A

And file that temporary oh put, the prince in the wrong place: ssh keygen, okay, so dash t, and then we want ah so dash t.

A

uh We want this one, this ed25519, because that looks like a supported one from the uh did com stuff and then we want m format and would we side man, ssh key gen uh format,.

A

uh Pep or not pep hate, um what was it pkcs.

A

Oh pcs11 download.

A

A

um Pam is a standard format or wait. A minute creates a okay, a pemas, I would say pem is a good choice for a standard format here. But let's uh this is a.

A

It's a very standard format for keys.

D

A

A

A

Does it want input data.

B

Logger equals self.log.

B

Let's just try.

B

A

Dot check call see what happens it might be choking on a line uh waiting for a new line yeah enter in or place where you want to save the file. Okay, yeah we're choking on that new line um yeah I wish we could just set it up to read. I think, there's there's there's a way, I'm not sure what it is, though, but there's a way.

A

A

D

A

Identity root, key okay enter passphrase; okay, um let's say: okay, so.

A

To do make pass phrase.

B

A

Okay, now you know which we're just gonna. Do it now.

B

A

Okay, peer did config all right, so we're going to make this config object and we're just going to say you know: here's a field, here's the key phrase.

A

So what we would do is we'd make a config and then another config. So.

A

And this so basically, eventually this would become really. This thing should be its own operation right and then we would call into it so, but we're gonna just have it have its own config right now. So key.

A

Private key uh passphrase.

A

Private key material or encrypted.

A

Encrypted private key has a password.

A

Password to lock encrypt decrypt.

B

A

All right- and so you know why we use this well, okay, so somebody if somebody gets a hold of your your private key, they still have to crack your password to be able to use it right so um and we'll make it so that it has to be set so encrypted private, key, okay, so where's our data flow down here.

A

So we can say.

B

Data flow configs.

B

A

So encrypted private key and the passphrase.

A

Equals the environment all right and by doing this, so why? Why are we doing it this way? Why don't we just hard code, the password.

A

Because doing it like this means that we have technically done our due diligence here right, we we, we did what we were supposed to do to make this thing secure right. All I have to do is provide a password right. The rest of it you know is is is is up to you, um so we know that we need the key in this format. We have to have the key in this format right now, but we can say to do make this configurable in the future.

A

Right and then you know this- uh maybe to do make this confu configurable right, so we want to make these. We want to support these things being configurable. You know, including this path.

A

You know really really everything should be configurable right. um That's our goal here.

A

ah So maybe a subprocess.

A

So there's a pr for the subprocess based operation implementation network, which would cover stuff like this all right so basically generate our key.

A

And I will say that the you know the config class is this encrypted private key.

A

Now we'll call help right now get the arguments key phrase: oh key passphrase, all right. So now we can say key passphrase.

A

Equals something down or something throw away.

A

And now, all of a sudden, you know we haven't uh dug ourselves into a hole here. Data flow object has no attribute config but doesn't have a configuration there. We go okay, so empty passphrase, so this was supposed to run help.

A

We probably didn't ask nicely enough. We only did h help all right. Okay, so the let's see so um ssh.

A

Keygen provide uh pass key pass phrase command line.

D

B

A

New pathways, great.

A

And we can say self.parent dot, config dot, passphrase.

A

So it should generate a key boom. Okay, so we have a key great.

A

So let us try to use our key. So what did we have here? um So, let's go check out our did com usage, um and here we are okay, so secret type, verification, material, verification, material agreement, okay, so verification material.

A

So let's go ahead and create some, this verification, material or let's go ahead and understand some I'm going to duplicate this tab and we're going to go. Look for verification, verification, material agreement. Actually we're going to go. Look at this key and where this key is used and then we're going to see you know where it's used to create some verification, material agreements.

A

A

You see, I end up with a lot of open tabs. Okay,.

A

This isn't looking good, so let's go and check out this verification material agreement. So let's look for this.

A

This doesn't look helpful.

A

Verification material agreement not found okay, so let's go into pure did: let's look for it here? How are we creating these things so.

A

Pure did helpers.

A

Okay verification, material agreement.

A

Input multi-base format expected.

A

Input multi-base format expected.

B

Okay, so basically.

A

Decode multi-base incoming buys.

A

Verification material decode for.

B

A

Multi-Base, okay, verification, material format, pdid.jwk; okay, so we want verification for my material jwk.

A

Okay, so let's see if this is used anywhere base 58.

A

I think we want this this thing, because we don't care about the numbers we care about, that we don't care about like that. This is sort of like you know we're getting into this key stuff.

B

B

B

A

A

A

So we need to figure out how do we make this work here? Pdid.

B

A

50 and key format.

A

This is the thing where to stand: get wd, okay, material type, material format,.

A

So where is this thing defined.

A

Okay format, value value union stir predict okay, so it could be a json web. Key, I think, is what I'm seeing. So, let's go ahead and say verification pdid instead of base 58 jwk jwk um and let's just do.

C

A

Okay, we're just gonna do one at a time.

A

Pid did I'll go one, okay, perfect all right, so we got our key right. So it looks like it's generating our key. um Let's see, what's the host name parameter.

A

I wonder no okay.

A

What's the hostname.

A

A

Comment: okay, yeah great.

A

Okay, so then we'll make this the comment.

A

A

Okay, so by default we'll do no comment. Then we won't have any hostname information going on.

B

A

All right so yeah, so we'll we'll make more configurable in the future right, um but right now this is what we got. Okay, so.

A

I like to add things so so we aren't ready to commit this yet or maybe we are so we can say git commit um uh generating uh fm morale key.

A

Key to pkcs eight format.

C

A

A

To import into json web key.

A

Okay, so, let's see say import from pam all right, so.

A

And we can so check this out.

A

So we can go ahead and just pop papa show right here.

A

Little basholy.

A

A

Oh wait: oh no nodemon makes things weird.

A

A

So I like to name.

A

So here's the path of the root private key. I like to name my variables.

A

Path: identity, root; okay, I think it helps to keep their type name on them somewhere. I usually was suffixing, but I think prefix probably makes more sense because it is a path. First of all, what type is it, then? What the hell is it right? And if you do that, then you can kind of always maintain what the hell. What are you working with here?

A

um Maybe we should switch to this format. That would be better yeah and you can see what it is right away.

A

So we want to load this thing in.

A

Oh, look at that so process converted it right over for us or oh, it must be uh run command or no suppressors did great all right, so load key to jwk.

A

A

All right there, it is there's the private key, all right: it's changing, okay, so let's import it to a jwk so, and I also like to do like when you read in stuff contents: identity root key.

A

um Actually I think what I was doing is identity rooty contents, oh yeah, so, and doing it this way, ah that's right! So if you do it this way, it doesn't really matter. You could do it either way, but um doing it.

A

This way, I think we're gonna be enable some auto refactoring, so we can actually, if you name variables this way, we'll rename we'll we'll do some automated refactoring in the future and uh grouping variables that came from several similar places with similar names we'll be able to create data classes or structures or whatever um you know so that you can properly organize your data and then and then refactor into dataflow architecture automatically.

A

A

Import key to jwk format got a wonderful work, open source community with all this stuff.

A

Okay, uh let's do yeah we'll keep we'll keep the the stuff consistent, so we'll say, identity root, key path, and I think the reasoning behind actually doing the uh type name as the suffix now I'm realizing was the fact that you know identity root. Key is almost like a structure that you're creating ad hoc and then dot path, dot. Contents right, um if you look at it that way so read and key generated.

A

Pem format, pkcs 8, ed 2, 5, 5, 1, 9, key import key to jdwk.

A

Read in okay, read in key contents: uh michelle support for.

A

A

Dot import from pem right so now we do. uh What is this.

B

Jw crypto.jwk.jwk.

A

A

So we'll go and.

A

A

Import jw, crypto.

A

A

Import from pam requires one positional argument: data.

A

Data password, okay, password equals self.parent dot, config.pass word was it did we do password or passphrase must have been passphrase.

A

I think passphrase is probably a better word for that perform missing data.

A

A

Data, maybe it needs to be read, bytes.

A

Password must be bytes like.

A

Okay, now we know that.

A

And we can say def post init, so this is our little conversion, so we can do. We can say passphrase.

A

uh This is some data class stuff.

A

Cross rating coding and we'll say this is uh byte encoding for string, passwords or passphrase.

A

And we should call this passphrase too, since um and then we'll default. This utf-8.

A

A

All right, let's see.

A

Default string, encoding.

A

I want to know if we can grab it from an environment or like some.

A

Python kit, encoding.

A

A

This just get default encoding, okay, great.

C

A

A

All right, so then, if we get this thing as something other than a string, if not, if is instance, uh self.passphrase bytes.

A

Then encode it or you know what. Let's just only take bytes.

A

That way they can get encoded themselves. There's no reason for us to do this, and then we can just go down here and we can say dot. Encode.

A

From buffer cannot return the address of a unicode object.

A

And code, all right: let's look at this passphrase or wait. Let's see, maybe four from pam.

A

Okay, so this is actually going to log the passphrase on the command line.

A

Yeah, that's not good. Okay yeah! We have to come up with secret ways of we have to come up with ways of showing secrets that.

A

We have to come up with ways of printing. Let's see.

B

C

A

So we found this issue.

A

And let's copy paste this.

A

For the debug logs there.

C

C

A

Okay, that should help us figure it out later that we're looking for the string and that's the passphrase, and we don't want to show it, um and we should also um add this to the list of things that we're drawing today. So we know what we found out when we found it out.

A

I need some water.

C

A

Some water, uh yeah I'll just be right back.

B

Okay back at it.

A

Okay, so from buffer.

A

Okay, so from buffer cannot return an address of a unicode object.

A

Let's just go ahead and print what we're doing.

A

uh We'll just say you know: print addict from people print import paper and then we'll say.

B

A

So, let's take a look: what do we got? Content password, something throw away? Okay and let's go to the json webkia api import from pam data bytes password bytes looks like our data is not bytes. Okay, read text, oh yeah, because we've swapped back and forth. Okay could not deserialize data key.

A

This is always what happens with the stupid crypto.

A

It's like open, ssl is yelling at you for this and openness is yelling at you for that and nothing is the right format. Despite the fact that all of the documentation says we use the same formats, I have no idea why it always ends up like this.

A

Okay, so begin open, ssh, private, key okay, so it wants bytes, so we probably have to decode from pam. So we have to decode from pam imports, a key from data from data loaded from pem file, ding ding, ding, ding, ding, ding, ding, ding, ding, okay, so.

A

Excuse me import from pam. Let's take a look.

A

So, let's poke around and see import from pam, okay, no usages.

A

Importing public ec keys, we are doing an ed key.

A

Did I read the open, ssl docs wrong.

A

A

Or pam? Okay, so maybe oh we're not doing pam oops my bad.

A

I thought it was. I was like I thought: pkcsa was its own format, but okay, so.

A

Pound public come public key by default.

A

Will cause the key to be stored in the legacy pen, private key format.

A

By default, openstage will write the newly generated private keys in its own format, but when converting public keys for export, the default format is our setting format of pam.

A

Okay. So is this thing not even changing begin open, ssh, private, key, okay, so open space stage, private key to pam.

A

That's what we need. I see I always get stuck around here.

A

Okay, so the pem format doesn't.

A

A

All right we'll make a little object for tempter.

A

Okay, we'll print everything in tempter.

A

All right come on list.

A

Okay, identity root, key dot, pub and identity root, key.

A

Okay, so files identity, root, key identity root, key pub, and we forgot to call that.

A

And identity root keep pub open, ssh private key.

B

Okay, that looks like.

A

Rookie pub looks like it's being stored in the open, ssh format, so it looks like it's not respecting those options at all either that are we're completely misunderstanding them.

A

Let's maybe try giving.

A

We'll just do this for now and we'll say passphrase and no comment.

A

Okay, id rsa, private, key okay. So that's there's a pem file, see begin rsa, private key.

A

Okay, so maybe it's the type.

B

B

A

What, if we put sk on the end, will it generate us a key? We want.

A

You may need to touch your identicator test rise, key generation.

C

Okay, I don't know what that is.

A

Sshk gen ed25.

B

A

Okay, so basically.

B

A

It just outputs it in the wrong format and you have to redo it.

C

A

So let's see rootkey pam path, all right and then we will read the key content.

A

Pam pem contents.

A

Right because this has to be pem.

A

Enter old, passphrase.

A

New passphrase dash, p or old passphrases dash p.

A

A

What is it doing uh f pass here? Okay,.

A

Okay, I thought you were key ready hub.

A

Okay, so this is just going to make this the same. It's going to overwrite the file.

C

A

So we're going to write the bytes that we read or so we're going to read.

A

Okay, identity root, key contents.

A

And why am I putting all these on separate lines? Because when you're debugging and one of these things fails and you have it all and the read any I o should be on its own line. But it's just new because or else your stack traces are going to be confusing.

A

All right, what do we got now so open, ssh, private, key, open, ssh, private, key and pam and root key those look the exact same to me.

A

B

C

I'm calling for help.

A

Why is there no way.

A

Yeah, oh my god, see why have enough shared format is so important: okay able to work with key files and pen just fine. I hear you buddy.

A

Okay, so what is this with open, ssh, open, so ssh keygen version.

A

Okay, I'm not not figuring out what what.

A

Empty browser generates a private key openssl compatible unencrypted format.

A

So maybe if we stop using a password.

A

Let's see open, ssh private key, open stage, private key looks all the same to me.

C

A

Changing the password, possibly from the definitely two empty, but not dash e.

A

As the stage keychain dash e operates on the new, I my family.

B

A

Uses the generic format, okay,.

A

But without the ec public, okay so began ec public key okay. So maybe oh I've run into this before so they are I've run into this before so they are being stored in pem format, but the header is wrong and the library is validating the header. So what we need to do is basically just say: ray bytes read bytes.

A

D

A

Begin open, ssh, private, key, okay,.

C

Yeah, hopefully this works.

A

Begin you see private key.

B

A

Begin ac, private, key, okay.

A

And open a filmmaking, you must basically be doing a no op on that.

B

A

What happens now?

A

Oh, we got a different error.

A

Let's see could not deserialize key data. Key data maybe be incorrect or maybe encrypted with an unsupported algorithm or maybe an unsupported key type ec curves with explicit parameters. Okay, so let's try asn 1 lib, okay,.

A

A

B

A

All right, so, let's try actually adding back that and then let's say uh no passphrase.

A

So pick an ec private key.

A

Okay, let's run this thing where we get rid of all right: let's.

A

Yeah, let's get rid of that: let's do it with no password.

A

And let's see if it likes it, okay again, you see private key pass. The pem contents.

A

Come contents: okay, could not deserialize key data. The data may be in an incorrect format from pam.

B

Okay, let's see.

A

Ssl algorithm out form pam. Okay, let's see what let's go look at what opens openssl generates.

A

Okay, begin private key, that's a whole lot smaller than what we have.

A

Begin private key, open, ssh, private key.

A

It can take these begin. Private key.

A

Again, private key okay, so it doesn't like it still begin. Private key begin product key in private key, okay,.

C

B

A

It looks like loading from ketos here: okay,.

B

A

I want this from an ssh key.

A

A

Ssh ed2 five to pam.

A

Where is myanswer.com.

A

Unfortunately, no.

B

Okay, so what about.

C

A

Let's look for pem here, okay, so.

A

Key should start within private.

A

Maybe we have an old version of open ssh keychain.

A

A

A

B

A

That doesn't work.

A

C

A

I don't like, what's going on here.

B

B

A

Okay, dash o causes to save private keys in the rather than walker battle. This new format has increased resistance to boost, but it's not supported by versions of offices. You are always always use the new private key format. Okay, there we go.

A

All right, so I struggled to make a.

A

A

Generate to private to pam format,.

A

Import your key into it.

A

How to load a private key generate.

C

Okay, um thanks jacob.

A

All right, let's see.

A

A

I wonder if we can generate it with openssl and convert it to ssh.

A

So yeah, if we can generate because this is going to allow us to sign in so if we can tie this together really neatly, um then we don't have to pass around multiple blobs of data for the initial auth.

D

D

C

C

A

I think we did see something where we were generating openness of cell keys.

A

A

Yeah, where were those there were some open, ssl commands? We just ran.

A

Where did we get these from okay.

B

B

Maybe if we set the cwd.

A

There, it is, is that it or.

B

Okay yeah, so we set the cwd okay.

A

A

Vegan ricky and veronicky still doesn't like us valid pam, but no begin certificate and certificate. Delimiters.

A

Begin easy! Okay, so we made progress, so it liked.

A

B

A

A

Are you sure this is a certificate, and what does it look like over here again, private key.

A

Valid pam but no begin certificate in certificate.

A

Import from pam.

C

Oh rust, cryptography.

B

B

A

Let's look for delimiters here we go.

A

Certificate request.

A

New certificate request.

B

A

Certificate x509 certificate; okay, so let's try certificate.

A

Instead of begin, private key begin certificate.

A

Error, parsing and asn 1 value, parser kind, unexpected tag, actual 11.

B

A

Back to tag actual 111.

A

Import openssl, ed1255.

A

One nine to open ssh.

C

Kitchen, I.

B

Extract the public.

A

Key from the certificate, pkcs 8 format, keys.

A

A

A

All right, jwk ssh. What is this.

B

A

B

A

Parse, an ssh public key and convert it to a public jwk.

A

Three years ago,.

C

B

B

Switch opens it ed ec public.

A

C

Browser version.

A

Public key parser, okay, so this will turn the public keys into json web tokens.

B

A

That'll allow us there, but we need to sign. We need to sign so.

A

I think okay, so can we do.

B

B

A

Okay, so we're going to generate the pem-1 now.

A

So now we're going to generate the pem1 using the openness cell command, and then we will attempt to convert it into an ssh key.

A

And why are we doing this? um Well because we're going to spin up a lot of infrastructure.

A

On demand, so we're going to need access to that and it's going to simplify everything and we had this whole thing about key base. But honestly, if we can just upload a key to github because reality is everything is on github. So.

A

And then we can bridge, we can very easily bridge. We can bridge our our actual axis via okay and see.

A

I'm not gonna I'll, save him.

B

A

Okay, so what happened? We did p key looks like it was good. um Just got some arguments combined here.

A

Morning, unprotected private key file.

A

Permissions root identity are to open.

C

Privacy will be ignored.

C

A

So let's go ch mod. It.

A

What is it zero? Oh, that should be octal.

B

All right, but it's I don't know.

A

Something something type of check that we use, uh but it's fuse required.

B

A

A

Format: okay, fail to low key in valid format; okay,.