https://pulumi.com logo
#aws
Title
f

future-nail-59564

11/23/2020, 10:35 PM
Hey! 👋 🙂 Could anyone point me to some doc about the proper format expected by the
pgpKey
property of classes such
aws.iam.AccessKey
and
aws.iam.UserLoginProfile
. It’s really unclear what the base-64 encoded PGP public key is expected to be. No matter what I try, I always get this:
Copy code
* Error encrypting IAM Access Key Secret: error parsing given PGP key: openpgp: invalid data: tag byte does not have MSB set
I created my key-pair using:
Copy code
$ openssl genrsa -out keypair.pem 2048
Then exported the public-key part with:
Copy code
$ openssl rsa -in keypair.pem -pubout -out publickey.crt
Then I tried to pass that public key using different variations: 1. with/without BEGIN/END markers, 2. with/without new lines, 3. with/without over-base-64-encoding the whole thing, etc… But no luck! 😓
l

little-cartoon-10569

11/23/2020, 10:46 PM
Given the error message, it's probably not looking for something base64-encoded. No characters in the base64 character set have their most significant bit set...
Note that your sample code isn't working with PGP at all, just OpenSSL.
They're not related. This seems to be a good introduction: https://security.stackexchange.com/questions/39765/public-keys-on-openssl-vs-pgp
f

future-nail-59564

11/23/2020, 11:11 PM
thanks @little-cartoon-10569, I’ll try PGP instead! 👍
👍 1
Using PGP instead of OpenSSL was indeed the “key” of the problem! 😉 Thanks @little-cartoon-10569!
👍 1