Currently when an untrusted PGP key is used to encrypt the Certificate RSA key, the underlying system fully ignores the key and writes an empty file because the interaction with the gpg binary happens in a subshell.
We should either:

1. Warn the user and exit, or
2. Add the always trust flag to the encryption of files.

Concerns around 2:

There's a TOFU problem on initial RSA signing key encryption, where in between the user setting their fingerprint and running mtls for the first time, a bad actor could potentially swap out the fingerprint used for later encrypting the key on first generation.

There are also issues around using -o, which would then encrypt the password for the PFX to a bad actor based off what's in the config.
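Added example (Python, not mtls's own code) of the failure mode described above and the fix: invoke gpg without a subshell, check its exit status, and refuse to write a zero-length ciphertext. The `run` parameter is injectable so the behaviour can be exercised offline with a constructed stand-in for gpg; `fake_gpg`, the fingerprints and the stderr text are all constructed here, while `--trust-model always` is the real gpg option behind option 2.

```python
import subprocess
from typing import Callable, Sequence


class GpgEncryptError(RuntimeError):
    """Raised when gpg fails or produces no ciphertext."""


def encrypt_key_material(
    plaintext: bytes,
    fingerprint: str,
    always_trust: bool = False,
    run: Callable[..., subprocess.CompletedProcess] = subprocess.run,
) -> bytes:
    """Encrypt key material to one recipient; hypothetical wrapper, not mtls code."""
    cmd = ["gpg", "--batch", "--yes", "--no-tty", "--encrypt",
           "--recipient", fingerprint]
    if always_trust:
        cmd += ["--trust-model", "always"]  # option 2: skip web-of-trust check
    # No shell and no file redirection: the exit status and stderr are observed
    # instead of being swallowed by a subshell that leaves an empty output file.
    proc = run(cmd, input=plaintext, capture_output=True)
    if proc.returncode != 0:  # option 1: surface the failure and stop
        raise GpgEncryptError(
            f"gpg exited {proc.returncode} for {fingerprint}: "
            f"{proc.stderr.decode(errors='replace').strip()}")
    if not proc.stdout:  # defence in depth: never accept a zero-length ciphertext
        raise GpgEncryptError("gpg returned no ciphertext")
    return proc.stdout


# Constructed fingerprints and a constructed stand-in for the gpg binary:
# an untrusted key fails (exit 2, empty stdout) unless --trust-model always is set.
TRUSTED = "AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111"
UNTRUSTED = "BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222"


def fake_gpg(cmd: Sequence[str], input: bytes, capture_output: bool):
    fpr = cmd[cmd.index("--recipient") + 1]
    if fpr == TRUSTED or "always" in cmd:
        return subprocess.CompletedProcess(cmd, 0, stdout=b"-----BEGIN PGP MESSAGE-----\n...", stderr=b"")
    err = (b"gpg: " + fpr.encode() + b": There is no assurance this key belongs to the named user\n"
           b"gpg: [stdin]: encryption failed: Unusable public key\n")
    return subprocess.CompletedProcess(cmd, 2, stdout=b"", stderr=err)


def outcome(fingerprint: str, always_trust: bool = False) -> str:
    """'encrypted' or 'refused' for a recipient under the given trust policy."""
    try:
        encrypt_key_material(b"-----BEGIN RSA PRIVATE KEY-----...", fingerprint,
                             always_trust, run=fake_gpg)
        return "encrypted"
    except GpgEncryptError:
        return "refused"
```

With a real gpg, drop `run=fake_gpg`; the refusal path is what replaces the silently written empty file.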