Opened 4 months ago

Last modified 8 weeks ago

#33032 merge_ready defect

Decode key files with Unix or Windows newlines

Reported by: larshilse
Owned by: nickm
Priority: Medium
Milestone: Tor: 0.4.2.x-final
Component: Core Tor/Tor
Version: Tor: 0.3.5.8
Severity: Normal
Keywords: Scallion, onion, private key, 044-should, 035-backport, 041-backport, 042-backport, 043-backport, consider-backport-after-0435
Cc: dgoulet, asn
Actual Points: .2
Parent ID:
Points: 0.5
Reviewer: asn
Sponsor:

Description (last modified by teor)

Update:

In my case culprit was the line endings in PEM, lines were terminated Windows-style - {CR}{LF}. Changed them to {LF} and keys were read just fine.

After the upgrade to v 0.3.5.8 my onion wasn't available anymore.

This is the info I get when attempting to start tor:

Jan 23 00:29:34.000 [warn] Error decoding PEM wrapper while reading private key
Jan 23 00:29:34.000 [warn] Unable to decode private key from file "/var/lib/tor/hidden_serviceprivate_key"
Jan 23 00:29:34.000 [err] Error loading private key.
Jan 23 00:29:34.000 [warn] Error loading rendezvous service keys
Jan 23 00:29:34.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.3.5.8 )
Jan 23 00:29:34.000 [err] Reading config failed--see warnings above.

More users are having the same issue, that their Scallion generated keys cannot be read by the most recent version of TOR.

Any ideas?

Child Tickets

Attachments (2)

private_key (887 bytes) - added by asn 4 months ago.
scallion private key (working)
hostname (23 bytes) - added by asn 4 months ago.
scallion hostname (working)

Change History (26)

comment:1 Changed 4 months ago by nickm

Cc: dgoulet asn added
Keywords: 043-should 035-backport 041-backport 042-backport added; removed
Milestone: Tor: 0.4.3.x-final

comment:2 Changed 4 months ago by ahf

Owner: set to asn
Status: new → assigned

Assigning this HS ticket to asn. Feel free to reorganize the ownership if David is a better choice here for example.

comment:3 Changed 4 months ago by asn

Hm, I can't reproduce with the scallion keys found in the README with tor master or with tor 0.3.5.8.

Is it possible you give me a scallion key directory that doesn't work for you, so that I can try to reproduce?

Thanks!

comment:4 Changed 4 months ago by larshilse

It's in

Jan 23 00:29:34.000 [warn] Unable to decode private key from file "/var/lib/tor/hidden_serviceprivate_key"

for me. I did just notice that the slash before "private_key" is missing. Are you getting the same issue?

Also, I could send you my scallion.exe - perhaps that helps?

comment:5 Changed 4 months ago by larshilse

I tested the PK in multiple ways.

  1. took the file itself and introduced it; thought permission issues were the case.
  2. generated new key and hostname > then c&p the content of the old keys into it

still the problem persisted.

comment:6 Changed 4 months ago by asn

Yes the slash should not be missing.

Can you please generate a new key and hostname and attach it to this ticket?

Thanks!

Changed 4 months ago by asn

Attachment: private_key added

scallion private key (working)

Changed 4 months ago by asn

Attachment: hostname added

scallion hostname (working)

comment:7 Changed 4 months ago by asn

Resolution: worksforme
Status: assigned → closed

Hello, I can't replicate the bug. I downloaded scallion for Windows and generated the hostname and private key that I attached above. I managed to start tor 0.4.3 with it just fine.

Please make sure that this is not a problem with your torrc and if you are positive feel free to reopen the ticket with more info.

Thanks!

comment:8 Changed 3 months ago by teor

Keywords: 043-should 035-backport 041-backport 042-backport removed

comment:9 Changed 3 months ago by mr_rokman

I've had a similar problem while migrating relay keys from Windows to Debian. Same message "Error decoding PEM wrapper while reading private key". In my case culprit was the line endings in PEM, lines were terminated Windows-style - {CR}{LF}. Changed them to {LF} and keys were read just fine.
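
The failure mode reported in this ticket, as an added example that is not part of the ticket or of Tor's code: it counts the line terminators in a key file, shows an LF-only decoder rejecting a CRLF copy, and rewrites the terminators without touching the key bytes. The sample key is constructed dummy data, and `strict_lf_decode` is a hypothetical decoder written for illustration, not Tor's PEM parser.

```python
import base64

# Constructed sample: a PEM-style wrapper around dummy bytes (not a real key).
_BODY = base64.b64encode(bytes(range(96))).decode()
_LINES = ["-----BEGIN RSA PRIVATE KEY-----"]
_LINES += [_BODY[i:i + 64] for i in range(0, len(_BODY), 64)]
_LINES += ["-----END RSA PRIVATE KEY-----"]
SAMPLE_LF = ("\n".join(_LINES) + "\n").encode()
SAMPLE_CRLF = SAMPLE_LF.replace(b"\n", b"\r\n")  # same key, Windows newlines


def line_ending_report(data: bytes) -> dict:
    """Count CRLF, bare LF and bare CR terminators in a key file."""
    crlf = data.count(b"\r\n")
    return {
        "crlf": crlf,
        "lf": data.count(b"\n") - crlf,
        "cr": data.count(b"\r") - crlf,
    }


def strict_lf_decode(data: bytes, tag: str) -> bytes:
    """Illustrative LF-only decoder (hypothetical, not Tor's parser)."""
    head = f"-----BEGIN {tag}-----\n".encode()
    tail = f"-----END {tag}-----\n".encode()
    if not data.startswith(head) or not data.endswith(tail):
        raise ValueError("Error decoding PEM wrapper")
    body = data[len(head):len(data) - len(tail)]
    if b"\r" in body:
        raise ValueError("Error decoding PEM wrapper")
    return base64.b64decode(body.replace(b"\n", b""), validate=True)


def normalize_newlines(data: bytes) -> bytes:
    """Rewrite CRLF and bare CR terminators as LF; key bytes are unchanged."""
    return data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")


if __name__ == "__main__":
    print(line_ending_report(SAMPLE_CRLF))
    fixed = normalize_newlines(SAMPLE_CRLF)
    print(strict_lf_decode(fixed, "RSA PRIVATE KEY") == bytes(range(96)))
```

Running `line_ending_report` on the bytes of a `private_key` file that was copied from a Windows host shows whether it carries the terminators described in this comment before tor is started on it.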

comment:10 Changed 3 months ago by teor

Description: modified (diff)
Keywords: 044-should 035-backport 041-backport 042-backport 043-backport added
Milestone: Tor: 0.4.3.x-final → Tor: 0.4.4.x-final
Points: 0.5
Resolution: worksforme
Severity: Major → Normal
Status: closed → reopened
Summary: Private keys from Scallion vanity .onion not working → Decode key files with Unix or Windows newlines

comment:11 in reply to:  7 Changed 3 months ago by larshilse

Replying to asn:

Hello, I can't replicate the bug. I downloaded scallion for Windows and generated the hostname and private key that I attached above. I managed to start tor 0.4.3 with it just fine.

Please make sure that this is not a problem with your torrc and if you are positive feel free to reopen the ticket with more info.

Thanks!

Works in Microsoft Word as well as in v 0.4.3 ;-) It was there all of a sudden in aforementioned version. I probably upgraded. Turns out it was the line endings.

Thanks for the great support!

comment:12 in reply to:  9 Changed 3 months ago by larshilse

Replying to mr_rokman:

I've had a similar problem while migrating relay keys from Windows to Debian. Same message "Error decoding PEM wrapper while reading private key". In my case culprit was the line endings in PEM, lines were terminated Windows-style - {CR}{LF}. Changed them to {LF} and keys were read just fine.

Thank you good sir! That was it. No idea why that would happen all of a sudden and without me (knowingly) changing anything on the system. Must have been an update/upgrade I made.

Again: thank you very much for the great support!

comment:13 Changed 3 months ago by nickm

Owner: changed from asn to nickm
Status: reopened → accepted

comment:14 Changed 3 months ago by nickm

Actual Points: .2
Status: accepted → needs_review

Okay, this is a simple fix, now that it's been tracked down -- and thanks for tracking it down!

My main branch is bug33032_035, with PR at https://github.com/torproject/tor/pull/1785

The patch merges forward cleanly. I've made merge-forward branches with PRs for CI testing:

comment:15 Changed 3 months ago by nickm

Looks like there was a crash in the CI -- I've force-pushed an update that should be a little more careful.

comment:16 Changed 2 months ago by asn

Reviewer: asn

comment:17 Changed 2 months ago by teor

Once macOS CI failed here due to a hang, see #32804 for details.

comment:18 Changed 2 months ago by teor

(I restarted the job.)

comment:19 Changed 2 months ago by asn

Milestone: Tor: 0.4.4.x-final → Tor: 0.4.1.x-final

Merged to 043 and forward to master!

Rolling milestone back for backports!

comment:20 Changed 2 months ago by asn

Status: needs_review → merge_ready

LGTM (forgot to mention this above)!

comment:21 Changed 2 months ago by teor

Milestone: Tor: 0.4.1.x-final → Tor: 0.4.2.x-final

Hey asn, just checking: did you merge to 0.4.2 ?

comment:22 in reply to:  21 Changed 2 months ago by asn

Replying to teor:

Hey asn, just checking: did you merge to 0.4.2 ?

Hey Tim. I did not. Should I?
I only merged to 043 and master.

comment:23 Changed 2 months ago by teor

Yep, 0.4.3 and master are the right places for bug fixes. Then I'll backport later.

(I asked because you moved this ticket to 0.4.1 after merging.)

comment:24 Changed 8 weeks ago by teor

Keywords: consider-backport-after-0435 added