stackoom
  简体   繁体   中英

GCP KMS Importing Ethereum Wallet private key

 原文  2022-05-24 08:31:31       google-cloud-platform/ openssl/ ethereum/ google-cloud-kms

Question

I have an Ethereum private key which consists of 64 bytes. I need to use this key for asymmetric encryption using p256k1 elliptic curve (the signing algorithm used on Ethereum).

This is supported on KMS now in the process of importing my key, I came across the following section in the GCP KMS documentation.

在此处输入图像描述

It stipulates the key must be in PKCS#8 format. I have tried a couple of commands using openssl. like the following

openssl pkcs8 -topk8 -in ./private.pem -outform DER -out ./private.key

Here is my private.pem format

-----BEGIN PRIVATE KEY-----
64_CHAR_PRIVATE_KEY_PASTED_HERE
-----END PRIVATE KEY-----

I understand this might not be the correct way to convert as errors happen when I run this command.

unable to load key
4456490668:error:0DFFF07B:asn1 encoding routines:CRYPTO_internal:header too long:/System/Volumes/Data/SWE/macOS/BuildRoots/b8ff8433dc/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75/libressl-2.8/crypto/asn1/asn1_lib.c:152:
4456490668:error:0DFFF066:asn1 encoding routines:CRYPTO_internal:bad object header:/System/Volumes/Data/SWE/macOS/BuildRoots/b8ff8433dc/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75/libressl-2.8/crypto/asn1/tasn_dec.c:1132:
4456490668:error:0DFFF03A:asn1 encoding routines:CRYPTO_internal:nested asn1 error:/System/Volumes/Data/SWE/macOS/BuildRoots/b8ff8433dc/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75/libressl-2.8/crypto/asn1/tasn_dec.c:317:Type=PKCS8_PRIV_KEY_INFO
4456490668:error:09FFF00D:PEM routines:CRYPTO_internal:ASN1 lib:/System/Volumes/Data/SWE/macOS/BuildRoots/b8ff8433dc/Library/Caches/com.apple.xbs/Sources/libressl/libressl-75/libressl-2.8/crypto/pem/pem_pkey.c:143:

My goal remains to be able to import the key into KMS as securely as possible. Thank you in advance for your responses :D

1 answers

solution1
 2 ACCPTED  2022-05-24 10:49:26

So for anyone, who might deal with something similar. John Hanley pointed me to this link which describes the process of basically converting a Ethereum private key into a EC PEM or DER encoded key file.

A couple of strings need to be added (The linked answer does a good job at explaining it). I was able to then convert EC PEM to PKCS#8 DER format which is what I needed for importing the key to GCP KMS.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Importing public Key to Google KMS Grant permission to use specific KMS key in GCP GCP policy to enforce to use EKM (externally managed key) in KMS GCP Cloud KMS - custom key, disaster recovery possible? Managing key rotations with GCP_KMS with BYOK solution Autounseal Vault with GCP KMS Problem Importing a pre-wrapped key into Cloud KMS GCP - DLP - Decryption failed: the ciphertext is invalid error when using KMS wrapped key GCP kms encrypt env var and passing encrypted key through cloudbuild.yaml to google app engine Permission denied on key when encrypting secrets.yml file with helm and gcp_kms
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM