algorithm rsa not supported for create key #1677

Open
Omwalid opened this issue Apr 28, 2023 · 0 comments

Omwalid commented Apr 28, 2023

In order to get familiarized with Docker Notary, I have deployed Notary using docker-compose.
Since the certificates had expired, I generated new certificates using the following commands:

openssl genrsa -out notary-server.key 2048
openssl req -new -key notary-server.key -out notary-server.csr  -subj "/C=FR/ST=CA/L=Paris/O=Docker/CN=notaryserver" -addext "subjectAltName = DNS:notaryserver"
openssl x509 -req -in notary-server.csr -CA root-ca.crt -CAkey w_ca.key -CAcreateserial -out notary-server.crt -days 365 -extfile <(printf "subjectAltName=DNS:notaryserver")


openssl genrsa -out notary-signer.key 2048
openssl req -new -key notary-signer.key -out notary-signer.csr -subj "/C=FR/ST=CA/L=Paris/O=Docker/CN=notarysigner" -addext "subjectAltName = DNS:notarysigner"
openssl x509 -req -in notary-signer.csr -CA root-ca.crt -CAkey w_ca.key -CAcreateserial -out notary-signer.crt -days 365 -extfile <(printf "subjectAltName=DNS:notarysigner")

After running docker-compose, and once the containers were up and running, I ran:

export DOCKER_CONTENT_TRUST=1
export DOCKER_CONTENT_TRUST_SERVER=https://localhost:4443

docker trust key generate user-signer
docker trust signer add --key user-signer.pub user-signer localhost:5000/testwalidimage

I get this error:

unable to reach trust server at this time: 500.

Logs in notary_server:
{"go.version":"go1.17.13","http.request.host":"localhost:4443","http.request.id":"a8e602f3-aecf-4442-a4ab-7d27bc329bca","http.request.method":"GET","http.request.remoteaddr":"172.17.0.1:56662","http.request.uri":"/v2/localhost:5000/walidimage/_trust/tuf/timestamp.key","http.request.useragent":"Docker-Client/20.10.23 (linux)","level":"error","msg":"unknown: unknown error: rpc error: code = Unknown desc = algorithm rsa not supported for create key","time":"2023-04-28T08:32:09Z"}

I found the same problem in this issue: #1597
But I don't understand why I get this error. When I use docker trust key generate, keys are generated and stored in .docker/trust/private, so why do I get this error? What key is the server trying to generate? How do I solve this problem?
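
An added example, not part of the original issue or of the Notary project's code: a small triage script that reads Notary server JSON logs like the line above and reports, for each failed key request, the repository name (GUN), the TUF role named in the request URI, and the rejected algorithm. The function name and the second and third sample lines are constructed for illustration.

```python
import json
import re

# Path shape seen in the post's log: /v2/<GUN>/_trust/tuf/<role>.key
KEY_URI = re.compile(r"^/v2/(?P<gun>.+)/_trust/tuf/(?P<role>[a-z]+)\.key$")
# Error text as it appears in the post's log message.
UNSUPPORTED = re.compile(r"algorithm (?P<alg>\S+) not supported for create key")

# First line: fields taken from the log in the post (trimmed).
# Second and third lines: constructed for illustration.
SAMPLE_LOG = """\
{"http.request.method":"GET","http.request.uri":"/v2/localhost:5000/walidimage/_trust/tuf/timestamp.key","level":"error","msg":"unknown: unknown error: rpc error: code = Unknown desc = algorithm rsa not supported for create key","time":"2023-04-28T08:32:09Z"}
{"http.request.method":"GET","http.request.uri":"/v2/","level":"info","msg":"response completed","time":"2023-04-28T08:32:10Z"}
not-json startup banner
"""


def find_key_creation_failures(log_text):
    """Return one dict per error entry where a role-key request failed
    because the requested key algorithm was rejected."""
    findings = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines such as banners
        if not isinstance(entry, dict) or entry.get("level") != "error":
            continue
        uri = KEY_URI.match(entry.get("http.request.uri", ""))
        err = UNSUPPORTED.search(entry.get("msg", ""))
        if uri and err:
            findings.append({
                "time": entry.get("time"),
                "gun": uri.group("gun"),    # may contain ':' and '/'
                "role": uri.group("role"),  # role named in the URI
                "algorithm": err.group("alg"),
            })
    return findings


if __name__ == "__main__":
    for f in find_key_creation_failures(SAMPLE_LOG):
        print(f"{f['time']} gun={f['gun']} role={f['role']} "
              f"rejected algorithm={f['algorithm']}")
```

Run against the post's log line, it reports the `timestamp` role for `localhost:5000/walidimage` with algorithm `rsa`.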
