►
From YouTube: GSoC 2021 Git credentials binding 2021 07 28
Description
Jenkins git credentials binding office hours July 28, 2021. Topics included discussing issues with private keys.
Meeting notes are available at https://docs.google.com/document/d/1gZneYIDWrT5S-1ACG641wfvxs7vnDC0RCYqy-EuuhwY/edit#heading=h.m0lph2u36pvh
A
So
the
hardship
we
were
talking
about
before
you
joined,
we
were
just
kind
of
kicking
off
with
this
topic
of
the
private
key
support
and
things
that
we
should
check.
You
had
mentioned
something
in
the
getter
about
an
rsa,
a
rsa
encrypted
keys
that
you're
having
problems
with
with
the
library
you're.
Using
can
you
do
you
want
to
kick
off
the
discussion
on
with
some
detail
there.
C
A
D
C
D
So
harsha,
I
think
what
you're
hearing
is
that
we're
not
worried
about
pkcs8
format.
As
far
as
I
can
tell,
because
not
a
concern
because
openssh
doesn't
support
it
and
so
a
pkcs8
format
unless
you've,
unless
you
found
some
way
to
use
pkcs8
to
to
to
communicate
with
openssh
I've.
Never
I've
never
seen
it
mentioned
in
any
documentation.
C
C
B
C
A
Yeah,
I
agree,
I
think
kind
of
try
and
solve
the
the
broad
case,
and
then
you
know
if
we
need
to
create,
follow
jira
issues
or
something
like
that
or
just
declare
them.
As
you
know,
what's
what
is
supported?
We
could
even
declare
in
the
dock
and
then,
if
it's
unsupported
and
someone
wants
it,
they
create
an
issue
like
that
seems
like
an
option
to.
C
C
B
C
My
advice
would
be
first,
you
should
have
you
gone
through
the
unit
test,
so
actually
I
was
trying
to
find
their
unit
test.
I
was
not
able
to
right
down,
but
I
remember
that
in
the
unit
test,
they've
tested
a
lot
of
algorithms.
These
encryption,
algorithms
and
they've
shown
how
to
decrypt
them.
So
why
are
you
able
to
see
an
example
of
them
decrypting
a
ptc
state
format
key
because
I
vaguely
remember
that
I
saw
it,
but
I
I
just
I'm
not
able
to
find
it
right
now
from
github.
C
A
D
Now
harsha,
the
thing
I
didn't
understand
from
your
your
getter
comment
was,
I
think
you
said
that
rsa
is
not
working
for
you
with
when
using
open,
ssh
format.
Did
I
understand
that
correctly,
yeah?
Okay?
So
so
that's
that
would
be
a
red
hot
one,
because
rsa
is
the
default
used
on
many
of
the,
and
I
think
maybe
even
most
ssh
implementations.
B
You
know
the
ssj
ssj
library
is
decrypting
the
file
and
return
it
in
a
pkc
escape
format
in
form
of
byte,
adding
and
then
I'm
using
the
bouncy
castle
api
to
convert
it
into
a
new
format.
You
can
so
that
it
can
be
used
for
the
authentication
purpose,
because
by
data
is
not
that
much
supported.
I
guess
I
mean
it
was
showing
another
because
showing
an
issue
that
needs
to
just
secure.
B
C
B
B
C
A
A
B
C
So,
as
I
understand
it,
if
let's
say
your
rsa
pass
phase
predict
key
first,
it
will
be.
I
think
it
would
be
encrypted
by
a
cipher
right
like
aes,
something
like
that
aes256
and
then
that
is
decrypted,
and
the
second
step
would
be
to
give
you
that
rsa
format
formatted
key
into
into
a
bi-direction
and
you're,
saying
that
that
is
provided
to
you
in
a
pgcs8
format.
B
C
C
D
B
D
Yeah,
so
so
rse
are
for
me.
Rsa
key
support
is
crucial
without
our
without
rs
we
we
could,
we
could
ship
without
it,
I
guess,
but
the
pain
factor
would
be
enormous,
because
most
users
generate
rsa
keys
by
default.
So
if
we
truly
can't
make
it
work
with
ssh,
I
think
we
have
to
look
for
something
else
that
would
support
it,
yeah
or
or
provide
a
fix
back
to
that
allows
it
to
be
supported.
That
would
be
fine
as
well.
A
B
I
still
think
that
the
issue
is
in
ssj
lagging
so
because
the
binding
code
is
not
that
much
playing
role
in
the
in
decrypting.
The
key
and
you
know,
leaving
the
uni
byte
array.
It's
just
just
giving
the
key
in
string
format
and
and
then
outputting.
The
key
in
base
64
format,
even
using
the
bouncy
classic
plugin.
C
C
Could
there
be
a
reason
that
we're
not
consuming
the
crack?
They
may
be
decrypted
by
having
the
right
form
so
you're
saying.
First
of
all,
I
just
don't
understand
that
I'm
seeing
your
code
here
which
you've
written
in
the
issue
that
you
get
the
private
key
out
of
the
the
open,
ssh
key
one
key
file,
and
then
you
get
the
encoded
byte
right.
This
encoded
byte
array,
you
then
I
would
assume
the
decoded
base64
right.
B
C
E
C
C
C
A
A
A
D
C
A
D
Yeah,
certainly
the
I
would
expect
the
version
of
openssh
that's
installed
on
centos
7
to
be
dramatically
different
than
the
version
that
is
installed
on
openbsd69,
because
one
of
those
was
created.
What
centos,
7's
original
release
is
probably
seven
or
eight
years
ago
now
and
open
bsd
six
nine
released
in
may
of
this
year.
D
C
D
C
So
that
means
that
this,
since
the
the
rsc
key,
would
not
be
the
new
opening
format,
then
I
I
think
bouncy
castle
would
be
able
to
do
it
right
because
rsa
is
relatively
open.
Ssh
was
new
and
fall
and
they
don't
support
decryption
of
fast-paced,
protected
private
keys
when
they're
in
openssh
format,
but
rst,
I
think,
would
be
supported
by
like
not
even
ssj.
C
C
C
C
No
I'm
just
saying
I
was
saying
that,
if,
if
we
don't
have
to
so
the
issue
where
we
have
to
have
to
switch
from
bouncy
castle
to
system
started
from
a
point
where
openness
is
such
private
keys,
like
in
their
format,
that
that
is
where
bouncy
has
been
supporting
us.
But
since
rsa
is
when
we're
creating
keys,
which
are
in
rsa,
that
that
should
be
supported
by
it
is
supported
by
bouncing
acid.
C
A
D
I'm
I'm
trying
to
catch
myself
up
to
speed
just
reading
the
ssh
keygen
man
page,
and
I
think
I've
got
more
more
things
we
need
to
put
in
the
formats
in
the
key
f
or
maybe
less
things
to
put
in
the
key
formats.
There
are
three
key
formats
that
are
listed
here.
I'm
going
to
update
that
just
because
I
was
being
imprecise,
it
looks
like
they've
got
a
thing
called
rfc
4716,
slash,
ssh2
public,
okay,
that
one
we've
got
pem
and
then
pkcs8.
D
D
So
so
for
me,
I
think
justin
to
you
to
your
question.
I've
just
got.
I
need
to
do
more.
I
didn't
need
to
test
the
code
that
harshit
has
submitted
as
part
of
the
pull
request
and
see,
see
confirm
that
does
it
support
rsa
keys
that
I've
generated
if
it
does
which
kind
of
rsa
keys?
Does
it
not
support
that
sort
of
thing.
C
A
A
A
B
C
B
D
D
D
B
D
D
A
A
B
C
And
the
private
key,
when
you
open
it,
you
see
open,
ssh,
private,
key
or
using
rsa
private
key.
So
openness
is
it
yeah.
So
so
then,
the
pro
when
I
was
saying
that
rsa
should
be
supported
and
we
should
definitely
find
a
submission
for
bouncy
castle
problem.
So
this
is
not
the
rsa
algorithm
right.
This
would
be
open,
ssh
yeah.
We
would
need
to
look
at
ssj
because
ssj
was
is
able
to
decrypt
openssh
the
newer
format
with
different
algorithms.
C
D
So
harsh
you'll
continue
your
investigation
of
key
support
and
we'll
we'll
talk
further
on
friday.
If
I've
had
a
chance
to
do
some
interactive
testing,
we
can
look
at
the
results
then.
Otherwise
it
may
be
next
monday,
before
or
next
tuesday
or
wednesday.
Your
time
before,
I'm
ready
to
talk
about
test
results.