'Crypto error: Unsupported key version' error while following tutorial


#1

Hi,

I have been following the tutorial under Mac OS.

When entering the studio, I get this error, following the docker image pull:

$ hab studio enter
   hab-studio: Creating Studio at /hab/studios/src (default)
   hab-studio: Importing amiez secret origin key
» Importing origin key from standard input
✗✗✗
✗✗✗ Crypto error: Unsupported key version: ✗✗✗
✗✗✗

I used my name as origin first, tried with ‘myorigin’ too, and using the -k flag with both keys, but I always get that error.
The hab setup step went without error, I didn’t set up Github creds.


#2

Hello -

Which key did you specify when you ran

hab setup

An easy way to tell is by listing the files in /hab/cache/keys or $HOME/.hab/cache/keys and looking for something besides core-*

Cheers -
Dave


#3

I created a key named amiez (seen in OP’s command output) then tried with one named myorigin (set as default with hab setup) then tried to use both of them with -k flag, always with the same outcome.
Keys in my .hab:

amiez-20160616154929.pub
amiez-20160616154929.sig.key
myorigin-20160616160311.pub
myorigin-20160616160311.sig.key

#4

That error occurs when Habitat tries to verify the content of the key that’s passed in [0].
Public signing keys must start with a line containing SIG-PUB-1, and secret signing keys must start with a line containing SIG-SEC-1.

Can I see the permissions on the keys you listed above? Also, are you using bash or zsh in OSX?

Cheers -
Dave

[0] https://github.com/habitat-sh/habitat/blob/db0455d8a56976320b424f359eb045e2fe16dcbb/components/core/src/crypto/keys/sig_key_pair.rs#L363


#5

All 4 keys have mode 0400, and directories above are 0755.
Both private keys are starting with SIG-SEC-1, and public keys with SIG-PUB-1.

I’m using zsh shell.

Thanks!


#6

Ok, I’m wondering if zsh is causing issues here. Can you see if this works in bash? I’ll try on my end as well.

Cheers -
Dave


#7

Unfortunately, I get the same error using bash…


#8

I didn’t find any issues with zsh vs bash either.

I just noticed that you mention Keys in my .hab

The path for keys is $HOME/.hab/cache/keys or /hab/cache/keys [0].

Cheers -
Dave

[0] https://www.habitat.sh/docs/reference/environment-vars/


#9

can you gist the output of?

RUST_LOG=debug hab studio enter

Cheers -
Dave


#10

I am also getting same result.
Using habitat in CentOS 6.8

[root@chef-habitat mytutorialapp]# RUST_LOG=debug hab studio enter
DEBUG:hab::config: Loading CLI config from /hab/etc/cli.toml
DEBUG:hab::command::studio: Setting default origin root via CLI config
DEBUG:hab::exec: Calling execv: ("/hab/pkgs/core/hab-studio/0.7.0/20160614232531/bin/hab-studio") [“enter”]
hab-studio: Creating Studio at /hab/studios/root–habitat–plans–mytutorialapp (default)
hab-studio: Importing root secret origin key
DEBUG:hab: clap cli args: ["/hab/pkgs/core/hab-studio/0.7.0/20160614232531/libexec/hab", “origin”, “key”, “export”, “–type”, “secret”, “root”]
DEBUG:hab: remaining cli args: []
DEBUG:habitat_core::crypto::keys: checking file: core-20160612031944.pub
DEBUG:habitat_core::crypto::keys: valid key suffix
DEBUG:hab: clap cli args: ["/hab/pkgs/core/hab-studio/0.7.0/20160614232531/libexec/hab", “origin”, “key”, “import”]
DEBUG:hab: remaining cli args: []
» Importing origin key from standard input
✗✗✗
✗✗✗ Crypto error: Unsupported key version: ✗✗✗
✗✗✗


#11

Hi Vikas -

It looks like the code that’s exporting the key into the studio can’t find your root keys.
Can you respond with the output of ls -la in /hab/cache/keys and $HOME/.hab/cache/keys?

Additionally, can you paste the “origin” value from /hab/etc/cli.toml? Note, this file may contain your Github auth key, so careful with copy/pasting in a public forum.

Cheers -
Dave


#12

Hello Dave.

ls -la /hab/cache/keys
total 12
drwxr-xr-x. 2 root root 4096 Jun 24 13:13 .
drwxr-xr-x. 6 root root 4096 Jun 24 13:13 ..
-rw-r--r--. 1 root root   75 Jun 24 13:13 core-20160612031944.pub
ls -la $HOME/.hab/cache/keys
ls: cannot access /root/.hab/cache/keys: No such file or directory
cat /hab/etc/cli.toml
origin = "root"

I am missing something? I am following https://www.habitat.sh/tutorials/getting-started-create-plan/

I ran "hab setup" with:
Origin name = root
Key for origin = nil
Github access token = nil

Thanks,
Vikas


#13

Hello Vikas -

I forgot to ask, can you run those commands in OSX instead of the Linux container?

Cheers -
Dave


#14

Sorry Dave, I do not have OSX.

Also, just FYI.

While setting up habitat and before running make command I had to install:
libsodium
libarchive

On both ubuntu 14.04 and CentOS 6.8

Will this be a good idea to document it for ease of others? Just asking, it may not be that important or trivial step/understood.

Thanks,
Vikas


#15

Hello Vikas -

The team is using an Ubuntu container in Docker with this configuration [0], which we should add to the README at some point. I’ll make a note to do so, or I’ll happily review a PR if you beat me to it :slight_smile:

Cheers -
Dave

[0] https://github.com/habitat-sh/habitat/blob/master/Dockerfile