Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jsch.addIdentity() fails with IndexOutOfBounds when private key has CRLF line breaks #369

Open
AmairK00 opened this issue Aug 1, 2023 · 9 comments
Open

jsch.addIdentity() fails with IndexOutOfBounds when private key has CRLF line breaks #369

AmairK00 opened this issue Aug 1, 2023 · 9 comments
Milestone
0.2.11

Comments

@AmairK00
Copy link

AmairK00 commented Aug 1, 2023

Hi,

The below code does not work since the latest 0.2.10 release. Up to 0.2.9 this is working fine.
I don't have much idea on the library, so I cannot say if I have to use something different or if there is a configuration.
Please let me know.

String pkey="Key with CRLF linebreaks'
Jsch jsch = new Jsch()
jsch.addIndentity("file",pkey.getBytes(),null,null) // fails with ArrayIndexOutofBoundsException

logs:

java.lang.ArrayIndexOutOfBoundsException: arraycopy: last source index 1190 out of bounds for byte[1176]
	at java.base/java.lang.System.arraycopy(Native Method)
	at com.jcraft.jsch.KeyPairRSA.parse(KeyPairRSA.java:337)
	at com.jcraft.jsch.KeyPair.load(KeyPair.java:1126)
	at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:44)
	at com.jcraft.jsch.JSch.addIdentity(JSch.java:515)
	at com.test.jsch.JschMain.main(JschMain.java:60)

Exception in thread "main" com.jcraft.jsch.JSchException: invalid privatekey
	at com.jcraft.jsch.KeyPair.load(KeyPair.java:1129)
	at com.jcraft.jsch.IdentityFile.newInstance(IdentityFile.java:44)
	at com.jcraft.jsch.JSch.addIdentity(JSch.java:515)
	at com.test.jsch.JschMain.main(JschMain.java:60)
@norrisjeremy
Copy link
Contributor

HI @AmairK00,

  1. What type of private key are you using?
  • Does it start with -----BEGIN OPENSSH PRIVATE KEY-----?
  • Or does it start with -----BEGIN RSA PRIVATE KEY-----?
  • Or does it start with something else?
  1. Do I understand correctly the private key utilizes Windows type line endings (\r\n) and not Unix type line endings (\n)?
  • If so, can you confirm if the private key works if you switch it to using Unix type line endings (\n) instead?

Thanks,
Jeremy

@gmicherinas
Copy link

Hi all,
As OP said, my tests work as intended till 0.2.9. with 0.2.10 and I got this exact error.
I use jsch as part of camel-ftp with PK authentication as well.

I too had my keys with CRLF line endings. After changing them to LF my tests passed.

So I guess, I can also validate that the root cause should be that keys with CRLF aren't parsed correctly as @AmairK00 said.

@gmicherinas
Copy link

Mine starts with -----BEGIN OPENSSH PRIVATE KEY-----

@norrisjeremy
Copy link
Contributor

Ok, I have replicated this locally and will try to determine a solution.

@AmairK00
Copy link
Author

AmairK00 commented Aug 1, 2023

It starts with ----BEGIN RSA PRIVATE KEY-----. Yeah the key works when I change it to only '\n'

norrisjeremy added a commit to norrisjeremy/jsch that referenced this issue Aug 1, 2023
@norrisjeremy
mwiede#369 fix multi-line PEM key parsing to work with windows line e…
6d7508e 
…ndings due to regression from previous fix for mwiede#362.
@mwiede mwiede added this to the 0.2.11 milestone Aug 1, 2023
@norrisjeremy
Copy link
Contributor

Hi @AmairK00 & @gmicherinas,

Can you test with the JSch jar produced by Github CI from our latest changed located here and confirm if it fixes the issues you are seeing with files containing \r\n?

Thanks,
Jeremy

@norrisjeremy
Copy link
Contributor

Hi @AmairK00 & @gmicherinas,

Actually we have made a new 0.2.11 release that hopefully fixes this regression: can you test and confirm?

Thanks,
Jeremy

@AmairK00
Copy link
Author

AmairK00 commented Aug 1, 2023

Hi @norrisjeremy

The fix works for me. Thanks for the update.

@gmicherinas
Copy link

gmicherinas commented Aug 2, 2023
edited
Loading

with 0.2.10
image

with 0.2.11.SNAPSHOT
image

So, it resolves (at least) my problem.

I'll stick to 0.2.9 till 0.2.11 is released. (I'll update to 0.2.11 after all :))
Thanks a lot @norrisjeremy for the quick resolution. 👍

norrisjeremy added a commit to norrisjeremy/jsch that referenced this issue Aug 2, 2023
@norrisjeremy
Further refine previous fixes for windows line endings in PEM keys from
053a6b1 
mwiede#369 & mwiede#362.
@norrisjeremy norrisjeremy mentioned this issue Aug 2, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.2.11
Development

No branches or pull requests
4 participants
@mwiede @gmicherinas @norrisjeremy @AmairK00