A palliative fix for some inconsistency between the hashes of the sam…

…e key imported from different sources because of internal usage of PEM serialization an usage of hashsum of such a serialization as an internal keyid. This won't fix all the inconsistency issues, the way keys are hashed to obtain key ids should be completely reworked.
secure-systems-lab · Nov 29, 2022 · 7c159c9 · 7c159c9
1 parent 1ffd043
commit 7c159c9
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 10 deletions.
diff --git a/securesystemslib/ecdsa_keys.py b/securesystemslib/ecdsa_keys.py
@@ -155,12 +155,12 @@ def generate_public_and_private(scheme="ecdsa-sha2-nistp256"):
         encoding=serialization.Encoding.PEM,
         format=serialization.PrivateFormat.TraditionalOpenSSL,
         encryption_algorithm=serialization.NoEncryption(),
-    )
+    ).strip()
 
     public_pem = public_key.public_bytes(
         encoding=serialization.Encoding.PEM,
         format=serialization.PublicFormat.SubjectPublicKeyInfo,
-    )
+    ).strip()
 
     return public_pem.decode("utf-8"), private_pem.decode("utf-8")
 
@@ -438,12 +438,12 @@ def create_ecdsa_public_and_private_from_pem(pem, password=None):
         encoding=serialization.Encoding.PEM,
         format=serialization.PrivateFormat.TraditionalOpenSSL,
         encryption_algorithm=serialization.NoEncryption(),
-    )
+    ).strip()
 
     public = public.public_bytes(
         encoding=serialization.Encoding.PEM,
         format=serialization.PublicFormat.SubjectPublicKeyInfo,
-    )
+    ).strip()
 
     return public.decode("utf-8"), private.decode("utf-8")
 
@@ -510,7 +510,7 @@ def create_ecdsa_encrypted_pem(private_pem, passphrase):
         encryption_algorithm=serialization.BestAvailableEncryption(
             passphrase.encode("utf-8")
         ),
-    )
+    ).strip()
 
     return encrypted_private_pem
 

diff --git a/securesystemslib/rsa_keys.py b/securesystemslib/rsa_keys.py
@@ -220,15 +220,15 @@ def generate_rsa_public_and_private(bits=_DEFAULT_RSA_KEY_BITS):
         encoding=serialization.Encoding.PEM,
         format=serialization.PrivateFormat.TraditionalOpenSSL,
         encryption_algorithm=serialization.NoEncryption(),
-    )
+    ).strip()
 
     # Need to generate the public pem from the private key before serialization
     # to PEM.
     public_key = private_key.public_key()
     public_pem = public_key.public_bytes(
         encoding=serialization.Encoding.PEM,
         format=serialization.PublicFormat.SubjectPublicKeyInfo,
-    )
+    ).strip()
 
     return public_pem.decode("utf-8"), private_pem.decode("utf-8")
 
@@ -582,7 +582,7 @@ def create_rsa_encrypted_pem(private_key, passphrase):
         encryption_algorithm=serialization.BestAvailableEncryption(
             passphrase.encode("utf-8")
         ),
-    )
+    ).strip()
 
     return encrypted_pem.decode()
 
@@ -705,15 +705,15 @@ def create_rsa_public_and_private_from_pem(pem, passphrase=None):
         encoding=serialization.Encoding.PEM,
         format=serialization.PrivateFormat.TraditionalOpenSSL,
         encryption_algorithm=serialization.NoEncryption(),
-    )
+    ).strip()
 
     # Need to generate the public key from the private one before serializing
     # to PEM format.
     public_key = private_key.public_key()
     public_pem = public_key.public_bytes(
         encoding=serialization.Encoding.PEM,
         format=serialization.PublicFormat.SubjectPublicKeyInfo,
-    )
+    ).strip()
 
     return public_pem.decode(), private_pem.decode()