►
From YouTube: GSoC 2021 Git credentials binding 2021 06 02
Description
Git credentials binding project office hours for Jenkins Google Summer of Code 2021. Topics included passphrase protected private keys on Linux and Windows username / password credentials.
A
Welcome
it's
the
git
credentials
binding
project,
and
this
is
the
2nd
of
june.
It's
7
30
a.m.
India
standard
time
thanks
very
much
for
being
here.
Remember
we
abide
by
the
jenkins
code
of
conduct
so
agenda
topics.
I
had
questions
from
the
last
meeting
task
to
update
jenkins.io
with
a
more
detailed
project
description
and
then
how
things
are
going
with
private
key
with
passphrase
how
things
going
private
key
without
passphrase
and
username
password
binding
prototype
on
windows.
A
A
B
B
E
E
No
decrypting
will
be
like
when
the
as
such
private
key
is
encrypted
by
a
passphrase.
So,
okay,
it
will
be
we.
What
we
are
trying
to
do
is
encode
it
into
another
format.
We
won't
be
decrypting
it
decrypting
would
be
something
like
showing
the
underlying
structure
of
that
key.
It
is
in
a
sni
dot,
one
something
but
open
ssh.
Don't
support
that.
A
E
B
D
D
E
E
Yeah
mark
I
I
looked
in,
I
mean
I
looked
for
in
bouncy
castle,
javadocs
and
j
ca
javadocs,
but
I
couldn't
find
much
information
on
that,
because
the
format
they
support
mean
the
the
functionality
they
provide
is
basically
around
the
algorithms.
The
first
we
need
to
know
the
algorithm
encryption
algorithm.
We
we
have
generated
the
key
in.
If
we
have
not
been
able
to
figure
that
out,
I
mean
we
won't
be
able
to
perform
other
operations.
A
B
Sorry,
so
I
have
one
strike:
converting
rsa
encrypted
private
key
into
a
pks,
cs8
format,
private
key
programmatically,
and
so
I
I
I
checked
that
code.
Once
I
was
looking
at
what
hershey
was
saying
that
we
need
the
algorithm
as
well,
and
I
please
correct
yes,
I
that's,
but
I
I'm
not
sure
if,
if
it
requests
two
things,
the
only
thing
I
remember
to
convert
converted-
and
I
am
seeing
my
code
here-
is
that
I
I
need
the
algorithm
with
by
which
the
private
key
the
input
private
key
is
encrypted.
A
E
E
B
Well,
yeah
yeah,
so
the
way
it
is
working
is
that
we
have
to
provide
the
algorithm
yeah
and
the
key
spec,
and
that
key
spec
would
be
the
the
type
of
format
we
want
to
convert
our
input
key
into.
That
is
what
I
can
see
if
I,
if
I
share
three
lines
of
code,
which
essentially
capture
and
I'll,
share
them
in
the
chat.
E
Yeah
I
mean
key
spec
is
not
a
problem
because
it's
an
interface
and
there
is
no
method,
implement
method
implementation
or
to
override.
So
I
have
done
that.
I
have
implemented
a
class.
I
have
created
a
class
which
implements
the
key,
spec
and
and
created
method
specific
for
our
purpose.
But
the
main
problem
for
me
is
to
is
the
algorithm
and
the
format.
B
A
A
F
A
D
D
A
A
A
A
D
A
A
A
A
I
mean
I
can,
I
can
certainly
do
checks.
We've
got.
I've
got
access
to
lots
of
systems
where
I
can
do
the
checks
to
to
see
what
format
they
take.
So
so
that's
that's
a
survey
that
well
and
actually
harshit
you've
got
access
to
centos.
You
said
right,
so
you
could.
You
could
certainly
check
the
boundaries
you've
gotten.
If
I
remember
right,
you've
got
an
ubuntu
system
or
a
debian
that
would
be
relatively
modern
and
then
centos
if
you've
got
centos
7
it's
about
as
old
as
we're
going
to
get.
D
D
A
E
A
Yeah,
I'm
I'm
I'm
open
to
eat
that
tentative
solution
even
now,
because
it's
perfectly
okay
for
us
to
say
you
must,
I
think
it's
okay
anyway,
for
us
to
say
you
need
to
have
ssh
installed
on
your
image
so
that
we
can
use
it.
We've
got
to
be
able,
I
mean.
Actually
I
guess
I
I
should
say
it
differently.
They
already
have
to
have
ssh
installed,
at
least
enough
of
ssh,
that
that
git
can
use
ssh
for
transport.
A
D
A
E
A
E
F
A
E
A
A
E
A
Okay,
I
I
just
my
thought:
was
it's
probably
good
for
you
to
to
post
something
there
sooner
well,
I
would
think
before
we
conclude
community
bonding
on
the
seventh
that
be
good
just
to
show
hey
here's,
the
progress
we've
made
so
far,
here's
what
we've
got,
but
that's
still
six
days
away.
So
you
are
five
days
away.
So
you've
still
got
time.
A
A
A
A
A
A
A
A
B
A
A
A
E
E
B
So
if,
if
I'm
not
wrong
about
that,
then
I
can
see
that
so
what
was
talking
about
the
key
spec
and
the
algorithm
required
for
us
to
convert
it
into
pem.
So
let's
say
we
know
the
algorithm.
I
can
see
that
there
are
two
default
implementations
for
the
key
spec
one
is
for
the
pkcs8
format.
The
other
one
is
for
the
x509
format,
key
spec.
If
we're
able
to
do
that
and
then
we
encode
it
with
base64,
will
we
reach
with
the
pem
format?
B
B
So
what
I
mean
is
that
this,
the
code
I
shared
here
is
is
is
a
way
where,
where
I
converted
the
rsa
encoded
private
key
into
a
pkcs
encoded
key,
which
was
then
I
used
that
to
store
it
into
a
keystroke.
That
is
how
I
used
it
now.
What
I'm
saying
is
that
it
requires
two
things
for
for
the
conversion.
The
first
is
the
algorithm
which
I
I
haven't
shared,
but
it
was
essentially
rsa
in
my
case.
I
knew
that
it
was
always
going
to
be
the
same
case.
B
B
B
B
A
A
B
F
A
A
C
A
A
A
A
A
A
A
A
A
A
B
A
We
well
we
we
can
accept.
I
worry
that
that
I
don't
know
what
what
this
one
means
that
particular,
what
does
prov
mean
in
this
case,
is
that
provisional?
Is
that
something
there's
there's
some
concept
there
that
I
don't
think
I've
ever
seen
that
reference,
and
so
that
would
be
something
just
to
check
to
be
safeguarded
to
see.
Okay
did
it?
Does
it
in
fact
do
what
we
want
and
will
it
can
we
use
it?
B
A
Now
that
doesn't
stop
us
from
using
it
that
doesn't
prevent
it.
It's
just
it
means
we've
got
it.
Harshit
would
have
to
do
some
more
research
to
be
sure
is.
Is
it
okay
that
we
include
that
inside
jenkins
and
does
it
solve
the
problem?
It
may
not
solve
the
problem
if
it
doesn't
meet
the
needs,
then
including
it
in
jenkins,
is
irrelevant,
but
harshad
it
seems
worth
it.
If
you
can
stand
to
do
the
exploration
to
do
some
exploration
around
this
particular
api
and
see
if
it'll.