►
From YouTube: GSoC 2021 Git credentials binding 2021 07 28
Description
Jenkins git credentials binding office hours July 28, 2021. Topics included discussing issues with private keys.
Meeting notes are available at https://docs.google.com/document/d/1gZneYIDWrT5S-1ACG641wfvxs7vnDC0RCYqy-EuuhwY/edit#heading=h.m0lph2u36pvh
A
Cool
looks
like
it's
recording,
so
we've
got
a
credentials
binding
project
july
28th,
7
30
a.m,
india
standard
time.
A
So
the
hardship
we
were
talking
about
before
you
joined,
we
were
just
kind
of
kicking
off
with
this
topic
of
the
private
key
support
and
things
that
we
should
check.
You
had
mentioned
something
in
the
getter
about
an
rsa,
a
rsa
encrypted
keys
that
you're
having
problems
with
with
the
library
you're.
Using
can
you
do
you
want
to
kick
off
the
discussion
on
with
some
detail
there.
C
Oh,
no,
that's!
Okay,
because
I
can
see
from
there
from
their
read
me
they're
saying
in
the
supported
algorithms.
I
can
see
rsa
in
fact,.
A
B
Also,
I
just
discovered
more
that
pkcs
encrypted
encoding
is
not
supported,
the
not
supported
in
the
bouncy
castle,
plugin
api,
like
it's
showing
an
error
when
I
was
performing
tests,
so
I
think
I
need
to
either
open
an
issue
or
make
a
video
regarding
that.
D
C
Yeah
and
I
I
thought
that
the
pkcs8
format
is
used
for
certificates
right,
I
mean
storing
certificate
changes,
sort
of
a
format
which
is
used
to
store
intermediate
and
client
root
certificates.
C
D
So
harsha,
I
think
what
you're
hearing
is
that
we're
not
worried
about
pkcs8
format.
As
far
as
I
can
tell,
because
not
a
concern
because
openssh
doesn't
support
it
and
so
a
pkcs8
format
unless
you've,
unless
you
found
some
way
to
use
pkcs8
to
to
to
communicate
with
openssh
I've.
Never
I've
never
seen
it
mentioned
in
any
documentation.
C
C
B
C
So
what
I
was,
what
I
was
trying
to
say
is
that
when
we're
talking
about
releasing
this
ssh
private
key
as
a
binding
for
the
git
plugin,
should
we
not
focus
on
encryptions
and
formats
which
we
know
for
sure
are
going
to
be
encountered
by
90
or,
let's
see
80
percent
of
the
user?
C
C
I
mean
is:
is
that
a
viable
strategy
we
could
use
mark
chest
and
membership.
A
Yeah,
I
agree,
I
think
kind
of
try
and
solve
the
the
broad
case,
and
then
you
know
if
we
need
to
create,
follow
jira
issues
or
something
like
that
or
just
declare
them.
As
you
know,
what's
what
is
supported?
We
could
even
declare
in
the
dock
and
then,
if
it's
unsupported
and
someone
wants
it,
they
create
an
issue
like
that
seems
like
an
option
to.
C
C
B
C
My
advice
would
be
first,
you
should
have
you
gone
through
the
unit
test,
so
actually
I
was
trying
to
find
their
unit
test.
I
was
not
able
to
right
down,
but
I
remember
that
in
the
unit
test,
they've
tested
a
lot
of
algorithms.
These
encryption,
algorithms
and
they've
shown
how
to
decrypt
them.
So
why
are
you
able
to
see
an
example
of
them
decrypting
a
ptc
state
format
key
because
I
vaguely
remember
that
I
saw
it,
but
I
I
just
I'm
not
able
to
find
it
right
now
from
github.
C
So
what
I'm
trying
to
say
is
just
make
sure
that
it
is
a
bug
from
their
side
and
not
because
maybe
we
are
giving
a
wrong
input
or
there
is
something
that
they
something
different,
that
they
are
expecting.
Something
like
that.
A
D
Now
harsha,
the
thing
I
didn't
understand
from
your
your
getter
comment
was,
I
think
you
said
that
rsa
is
not
working
for
you
with
when
using
open,
ssh
format.
Did
I
understand
that
correctly,
yeah?
Okay?
So
so
that's
that
would
be
a
red
hot
one,
because
rsa
is
the
default
used
on
many
of
the,
and
I
think
maybe
even
most
ssh
implementations.
B
You
know
the
ssj
ssj
library
is
decrypting
the
file
and
return
it
in
a
pkc
escape
format
in
form
of
byte,
adding
and
then
I'm
using
the
bouncy
castle
api
to
convert
it
into
a
new
format.
You
can
so
that
it
can
be
used
for
the
authentication
purpose,
because
by
data
is
not
that
much
supported.
I
guess
I
mean
it
was
showing
another
because
showing
an
issue
that
needs
to
just
secure.
B
C
But
I
didn't,
I
did
not
understand
what
is
your
issue.
Your
issue
is
that
you
are
not
able
to
use
that
byte
array
and
then
is
there
an
issue
with
the
transformation
to
the
pem
format
from
pkcs8,
or
is
there
an
issue
in
decrypting
that
key.
B
B
C
A
But
I
guess,
are
you
able
to
take
the
bite
array
and
put
it
down
on
the
file
system
and
see
if
that
works?
Oh,
yes,
without
going
taking
that
extra
step.
A
B
C
So,
as
I
understand
it,
if
let's
say
your
rsa
pass
phase
predict
key
first,
it
will
be.
I
think
it
would
be
encrypted
by
a
cipher
right
like
aes,
something
like
that
aes256
and
then
that
is
decrypted,
and
the
second
step
would
be
to
give
you
that
rsa
format
formatted
key
into
into
a
bi-direction
and
you're,
saying
that
that
is
provided
to
you
in
a
pgcs8
format.
B
B
Oh
yeah,
I
mean
if
I
am
wrong,
they
could
even
point
me
to
that
direction
and.
C
C
D
B
D
Yeah,
so
so
rse
are
for
me.
Rsa
key
support
is
crucial
without
our
without
rs
we
we
could,
we
could
ship
without
it,
I
guess,
but
the
pain
factor
would
be
enormous,
because
most
users
generate
rsa
keys
by
default.
So
if
we
truly
can't
make
it
work
with
ssh,
I
think
we
have
to
look
for
something
else
that
would
support
it,
yeah
or
or
provide
a
fix
back
to
that
allows
it
to
be
supported.
That
would
be
fine
as
well.
D
A
Yeah-
and
I
guess
hardship,
I
think
you
said
that
you
just
recently
discovered
this,
and
maybe
some
more
debugging
can
go
into
whether
this
you
know
there's
just
something
else
that
needs
to
be
done
or
something
like
that
is.
That
is
my
understanding,
correct.
B
I
still
think
that
the
issue
is
in
ssj
lagging
so
because
the
binding
code
is
not
that
much
playing
role
in
the
in
decrypting.
The
key
and
you
know,
leaving
the
uni
byte
array.
It's
just
just
giving
the
key
in
string
format
and
and
then
outputting.
The
key
in
base
64
format,
even
using
the
bouncy
classic
plugin.
C
C
Could
there
be
a
reason
that
we're
not
consuming
the
crack?
They
may
be
decrypted
by
having
the
right
form
so
you're
saying.
First
of
all,
I
just
don't
understand
that
I'm
seeing
your
code
here
which
you've
written
in
the
issue
that
you
get
the
private
key
out
of
the
the
open,
ssh
key
one
key
file,
and
then
you
get
the
encoded
byte
right.
This
encoded
byte
array,
you
then
I
would
assume
the
decoded
base64
right.
C
And
then,
since
this
is
pkcs,
it
is
whereas
I
understand
you
were
working
with
pem
for
mac
files
right,
so
you
would
be
doing
that
conversion
as
well.
B
C
E
C
C
C
A
A
A
C
And
and
when
we're
talking
about
rs,
so
I
was
when
I
was
reading
about
open,
ssh's
new
format
which
they
implemented.
C
D
C
A
D
Yeah,
certainly
the
I
would
expect
the
version
of
openssh
that's
installed
on
centos
7
to
be
dramatically
different
than
the
version
that
is
installed
on
openbsd69,
because
one
of
those
was
created.
What
centos,
7's
original
release
is
probably
seven
or
eight
years
ago
now
and
open
bsd
six
nine
released
in
may
of
this
year.
D
C
D
C
So
that
means
that
this,
since
the
the
rsc
key,
would
not
be
the
new
opening
format,
then
I
I
think
bouncy
castle
would
be
able
to
do
it
right
because
rsa
is
relatively
open.
Ssh
was
new
and
fall
and
they
don't
support
decryption
of
fast-paced,
protected
private
keys
when
they're
in
openssh
format,
but
rst,
I
think,
would
be
supported
by
like
not
even
ssj.
C
C
C
C
No
I'm
just
saying
I
was
saying
that,
if,
if
we
don't
have
to
so
the
issue
where
we
have
to
have
to
switch
from
bouncy
castle
to
system
started
from
a
point
where
openness
is
such
private
keys,
like
in
their
format,
that
that
is
where
bouncy
has
been
supporting
us.
But
since
rsa
is
when
we're
creating
keys,
which
are
in
rsa,
that
that
should
be
supported
by
it
is
supported
by
bouncing
acid.
C
A
Okay,
yeah
any
other
thoughts
on
that
one
or
any
other
concerns
that
we
need
to
talk
about.
Besides
that,
it's
a
big
one.
D
I'm
I'm
trying
to
catch
myself
up
to
speed
just
reading
the
ssh
keygen
man
page,
and
I
think
I've
got
more
more
things
we
need
to
put
in
the
formats
in
the
key
f
or
maybe
less
things
to
put
in
the
key
formats.
There
are
three
key
formats
that
are
listed
here.
I'm
going
to
update
that
just
because
I
was
being
imprecise,
it
looks
like
they've
got
a
thing
called
rfc
4716,
slash,
ssh2
public,
okay,
that
one
we've
got
pem
and
then
pkcs8.
D
D
So
so
for
me,
I
think
justin
to
you
to
your
question.
I've
just
got.
I
need
to
do
more.
I
didn't
need
to
test
the
code
that
harshit
has
submitted
as
part
of
the
pull
request
and
see,
see
confirm
that
does
it
support
rsa
keys
that
I've
generated
if
it
does
which
kind
of
rsa
keys?
Does
it
not
support
that
sort
of
thing.
C
A
A
A
B
Just
I
have
just
one
thing
to
a
smart
like
off
topic
so
mark
the
issue
that
I
encountered.
When
the
you
know
the
art
plugin
artifact
version
was
4.19,
so
it
was
dissolved
when
it
bumped
you,
so
you
changed
it
to
4.21.
So
can
you
tell.
C
B
D
D
D
B
I
updated
about
first
before
that
I
was
running
3.6.1,
so
it
showed
an
error,
so
I
upgraded
updated
it
to
3.8.1
or
0.
I
think
8.1.
D
D
A
A
Yeah
I've
I've
had
yeah.
The
two
systems
thing
is
interesting,
though.
I've
had
similar
local
maven
cache
sad
times
before
that
sometimes
magically
fix
themselves
after
a
clean
but
yeah
with
two
systems.
C
B
C
And
the
private
key,
when
you
open
it,
you
see
open,
ssh,
private,
key
or
using
rsa
private
key.
So
openness
is
it
yeah.
So
so
then,
the
pro
when
I
was
saying
that
rsa
should
be
supported
and
we
should
definitely
find
a
submission
for
bouncy
castle
problem.
So
this
is
not
the
rsa
algorithm
right.
This
would
be
open,
ssh
yeah.
We
would
need
to
look
at
ssj
because
ssj
was
is
able
to
decrypt
openssh
the
newer
format
with
different
algorithms.
C
D
So
harsh
you'll
continue
your
investigation
of
key
support
and
we'll
we'll
talk
further
on
friday.
If
I've
had
a
chance
to
do
some
interactive
testing,
we
can
look
at
the
results
then.
Otherwise
it
may
be
next
monday,
before
or
next
tuesday
or
wednesday.
Your
time
before,
I'm
ready
to
talk
about
test
results.
A
Yeah
but
yeah.
I
also
like
rishabh's
idea
about
looking
to
see
if
there's
any,
if
you
can
find
any
unit
tests
for
bouncy
castle.
D
C
C
C
A
Cool
all
right.
Well,
I
guess,
if
we
have
nothing
else,
we
can
close
her
out
thanks.
Everybody
thanks
thanks.
Everybody
all
right
have
a
good
one.
Take
care.