From YouTube: GSoC 2021 Git credentials binding 2021 06 02
Description
Git credentials binding project office hours for Jenkins Google Summer of Code 2021. Topics included passphrase protected private keys on Linux and Windows username / password credentials.
A
Welcome, it's the Git credentials binding project, and this is the 2nd of June. It's 7:30 a.m. India Standard Time. Thanks very much for being here. Remember, we abide by the Jenkins code of conduct. So, agenda topics: I had questions from the last meeting, task to update jenkins.io with a more detailed project description, and then how things are going with private key with passphrase, how things going private key without passphrase, and username password binding prototype on Windows.
A
A
B
Yes, they are around the conversion to PEM format of the OpenSSH private around. I just asked you questions around this topic.
C
And that should be okay. Yes, so should I ask? Yes.
B
B
Correct me, if I'm going to convert it into a PEM format, because we know that OpenSSH versions are not, Bouncy Castle API does not support different outcomes, such versions, so we want to standardize that by converting it into a PEM format. Is that correct question.
E
Yeah, I mean OpenSSH in general now generates keys by default in the new format that is proprietary, so, and the Bouncy Castle API only supports PEM format. Although there are a lot of other formats, but only supports PEM, so the conversion part has to be specific on the PEM format.
B
Okay, so my next question is that, and I'm not sure if this is the right one, but my limited knowledge with them is that I've already seen certificates, primarily X.509 certificates, the.
B
And about private keys, what we try to do here is that we want to, if we are talking about an OpenSSH encrypted private key.
E
No, decrypting will be like when the as such private key is encrypted by a passphrase. So, okay, it will be we. What we are trying to do is encode it into another format. We won't be decrypting it. Decrypting would be something like showing the underlying structure of that key. It is in ASN.1 something, but OpenSSH doesn't support that.
A
E
B
D
D
So I think my understanding is the reason we want to decrypt it and then re-encrypt in another format is so that we don't have to pass a key with a passphrase down to git CLI, so that we have to like do terminal dance stuff.
D
E
A
I mean, I'm a little bit astonished actually that there isn't a trivial way to convert an OpenSSH private key in Java, but I gather that you've searched and haven't found any way to do that.
A
No, no, it was for, it was for Harshit.
E
Yeah Mark, I looked in, I mean I looked for in Bouncy Castle Javadocs and JCA Javadocs, but I couldn't find much information on that, because the format they support, mean the functionality they provide is basically around the algorithms. The first, we need to know the algorithm, encryption algorithm, we have generated the key in. If we have not been able to figure that out, I mean we won't be able to perform other operations.
A
B
So I just wanted to share a small thing here that I have one strike.
B
Sorry, so I have one strike: converting RSA encrypted private key into a PKCS8 format private key programmatically, and so I checked that code. Once I was looking at what Harshit was saying that we need the algorithm as well, and I please correct yes, I that's, but I'm not sure if, if it requests two things, the only thing I remember to convert converted, and I am seeing my code here, is that I need the algorithm with by which the private key, the input private key is encrypted.
A
So in, and you say, work with RSA, did it also work with? Does it also work with roderi ed25.
A
B
So I am using the Java security package and this is key factory which I have used to do this, but I have to look into it more to be able to answer that question.
E
Yeah, I'm sorry, okay, so the key factory I had. I have worked on that as well. I mean there is a Javadoc which tells which type of algorithms could be used in different types of classes.
E
B
Well, yeah yeah, so the way it is working is that we have to provide the algorithm, yeah, and the key spec, and that key spec would be the type of format we want to convert our input key into. That is what I can see. If I share three lines of code, which essentially capture, and I'll share them in the chat.
E
Yeah, I mean key spec is not a problem because it's an interface and there is no method, implement method implementation or to override. So I have done that. I have implemented a class. I have created a class which implements the key spec and created method specific for our purpose. But the main problem for me is the algorithm and the format.
B
So yes, maybe it's not for, okay, so the X.509 encoded key spec must be for the PEM format or, okay. That is not always necessary.
A
A
F
A
D
B
The specific format algorithm, so I think, by default it does not encrypt it with RSA.
D
A
A
A
A
D
A
Those lines, nope, my, but let me generate a new one, just to be sure, okay, sure, yeah yeah. I can do the same. I just generated one and yeah. I just generated this one, ed25, and I solemnly promised never to use it, so I'm gonna paste pretty much the whole thing.
A
A
I mean I can, I can certainly do checks. We've got. I've got access to lots of systems where I can do the checks to see what format they take. So that's a survey that, well, and actually Harshit, you've got access to CentOS, you said, right, so you could. You could certainly check the boundaries you've gotten. If I remember right, you've got an Ubuntu system or a Debian that would be relatively modern, and then CentOS, if you've got CentOS 7, it's about as old as we're going to get.
D
Please feel free to laugh at me, you're correct, Mark. I was on the wrong machine. Oh good. I like that. Okay, that's a relief, actually! Yes, I was like what, because I saw what you said and I was like yeah, I think he's right here. What's going on? Wrong machine.
D
A
E
Yeah, I was previously doing this only, but I mean this is not. This is a tentative solution and the user might not have the SSH keys and utility or the OpenSSH keygen utility they might have. You just got the private key and just pasted it in the Jenkins credentials.
A
Yeah, I'm open to eat that tentative solution even now, because it's perfectly okay for us to say you must, I think it's okay anyway, for us to say you need to have SSH installed on your image so that we can use it. We've got to be able, I mean. Actually I guess I should say it differently. They already have to have SSH installed, at least enough of SSH that git can use SSH for transport.
A
D
A
E
A
Yeah, and that was the answer, the terminal prompt.
E
Yes, like there will be now how many, like three separate files for passwords projected protected keys if using it.
A
E
F
A
Okay, so that's a good one to report on. Should we go there and hear how that's, how that's doing, so.
E
A
A
E
I mean I will, we will update the doc only after when I have figured out that the Bouncy Castle API is working fine.
A
Okay, I just, my thought was it's probably good for you to post something there sooner. Well, I would think before we conclude community bonding on the seventh, that be good just to show hey, here's the progress we've made so far, here's what we've got, but that's still six days away. So you are five days away. So you've still got time.
A
Well, I think the goal would be share either your design document or your ideas of or the results of your exploring. You know, basically, it's a post to describe here. Let me look and see, just, I've got to see what others are doing. Just a minute: GitHub, jenkins.io. I think we.
A
A
A
A
A
Likewise, probably on a plan for a demo after first demonstration, after first release or after, you know, at some progress point. Those have typically been in Jenkins online meetups, if I remember right, and usually as a group, multiple projects present in a single meetup.
A
A
B
I, actually we have. We had three, I think, evaluations last time, phase one and then the final one.
A
Okay, so then you should plan the same. That phase one end demonstration and 10 to 15 minute, with a demo in a 10 to 15 minute talk.
A
A
E
E
B
So my, if, so my question is that, or what I'm seeing is that the PEM format is essentially a base64 translation of X.509 keys.
B
So if I'm not wrong about that, then I can see that, so what was talking about the key spec and the algorithm required for us to convert it into PEM. So let's say we know the algorithm. I can see that there are two default implementations for the key spec: one is for the PKCS8 format. The other one is for the X.509 format key spec. If we're able to do that and then we encode it with base64, will we reach with the PEM format?
B
Okay, so I guess I just want to ask: is there a conceptual mistake I'm making when I'm saying all of this?
B
So what I mean is that this, the code I shared here is a way where I converted the RSA encoded private key into a PKCS encoded key, which was then, I used that to store it into a keystore. That is how I used it. Now what I'm saying is that it requires two things for the conversion. The first is the algorithm, which I haven't shared, but it was essentially RSA in my case. I knew that it was always going to be the same case.
B
Let's say we know the algorithm. We are sure that we can understand which algorithm is used to encrypt the input key we will have. The second thing is about the key spec, and both of those things are used to generate a private key programmatically using the key factory.
B
B
So from what I know about PEM format, it is a base64 translation of the X.509 key. If that is not wrong, then essentially what we have to do is to convert this using the key spec of kf X.509 and then base64 encoded.
B
A
A
B
F
A
A
C
So we do have two.
C
A
A
A
A
A
A
A
B
Worth investigating, I'm sure Harshit has investigated it, so, but if we see, yeah.
E
A
A
A
B
A
We, well, we can accept. I worry that I don't know what this one means, that particular, what does prov mean in this case, is that provisional? Is that something, there's some concept there that I don't think I've ever seen that reference, and so that would be something just to check to be safeguarded to see. Okay, did it? Does it in fact do what we want, and will it, can we use it?
B
We want to reference to the, we want to take the Bouncy Castle API plugin's dependency as a reference, because that we know has been tested within Jenkins environment. You know it's safe.
A
Now that doesn't stop us from using it, that doesn't prevent it. It's just, it means we've got it. Harshit would have to do some more research to be sure: is it okay that we include that inside Jenkins, and does it solve the problem? It may not solve the problem. If it doesn't meet the needs, then including it in Jenkins is irrelevant, but Harshit, it seems worth it, if you can stand to do the exploration, to do some exploration around this particular API and see if it'll.
E
A
A
E
A
And that is what's done by default until, I think OpenSSH on OpenBSD now has changed that, let me go look just to be sure.
A
A
A
E
A
E
A
A
A
E
E
A
A
Okay, so two days from now, then, okay with.
D
Feel free to go ahead without me. I will do the same follow-up.
A
I wonder if Marky had a problem with time. He had said that it was okay with him, but it could.
C
A
B
A
E
E
A
B
B
I also want to explore the concept of using PKCS8 format to store private keys.
D
B
A
Thank you. All right, thanks everybody. I'll post recordings shortly. The recording from last session, I think I already posted, but if not, my apologies, I'll try to get it done.