staticman: Self-hosted API: InvalidAsn1Error on npm start

I’m trying to test a self-hosted version of Staticman.

I followed the instructions on the README:

  1. created a config.development.json based on the sample
  2. added my GitHub Personal Access Token
  3. added my SSH

but when I run npm start:

InvalidAsn1Error: Expected 0x2: got 0x0

Is there anything I missed?

(PS. there are 5 high severity issues in the dependencies, mostly about mailgun and github)

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 28 (11 by maintainers)

Most upvoted comments

Here’s my post of my experience setting up my own Staticman instance: https://www.gabescode.com/staticman/2019/01/03/create-staticman-instance.html

Turns out I just needed a rubber duck to talk to. I just figured it out.

The “Key format must be specified” error got me thinking about maybe it’s just in the wrong format. Turns out, that was it. The node-rsa module can only import from certain formats, and whatever I had it in wasn’t the right one. So I had to convert it to PEM format. I did that with this:

openssl rsa -outform PEM -in ~/.ssh/id_rsa -out id_rsa.pem

I gave it my passphrase when it asked, and then there was a new file called id_rsa.pem. I used the contents of that in the rsaPrivateKey property (after replacing line breaks with \n). And now npm start works!

@robinmetral So did you get past this error?

Since the public API is in trouble, I figured I’d host my own, but I’m facing this exact error message too. I was following the blog post at flyinggrizzly.io too, but both it and the official docs are slim on details on how to actually populate that rsaPrivateKey parameter (besides “put your private key there”).

The official docs say it should look something like this:

rsaPrivateKey: "-----BEGIN RSA PRIVATE KEY-----\nkey\n-----END RSA PRIVATE KEY-----"

The problem I’m running into is: where does that “key” come from?

I’m running this on Linux (Ubuntu Trusty). I generated a key according to the docs, and I have my key in ~/.ssh/id_rsa (private) and ~/.ssh/id_rsa.pub (public). The key is registered with GitHub now and I know it works.

The config.test.json kind of makes it look like it wants the public key (the key ends in “==”, just like my .pub).

My ~/.ssh/id_rsa.pub looks like this:

ssh-rsa key my@email.com

Where “key” is my actual public key and my actual email address is at the end. If I take out just the “key” part, and put it in the config file like this:

"rsaPrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nkey\n-----END RSA PRIVATE KEY-----"

Then I get the exact error described here: InvalidAsn1Error: Expected 0x2: got 0x0

My private key (~/.ssh/id_rsa) looks something like this:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,4EC16432518D6CB6933684F4E3AD31E3

key
-----END RSA PRIVATE KEY-----

I tried to just replace every line break with \n and use it like that, but that gives me this error message: Error: Key format must be specified. That error message seems to be used for anything that’s completely invalid.

If I omit the two header lines (Proc-Type and DEK-Info), then I get a different error message: InvalidAsn1Error: Expected 0x2: got 0xb0

So I’m kind of at a standstill now. I don’t know how to proceed.
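
Added example, not part of any comment in this thread and not Staticman's own code: a Node.js pre-flight check for key text before it goes into rsaPrivateKey, covering the cases described in the comments above (a .pub body, a passphrase-encrypted PEM, a public key wrapped in private-key headers, and the unencrypted PEM that the openssl conversion produces). The function names are hypothetical, and accepting only the BEGIN RSA PRIVATE KEY form shown in the docs is an assumption.

```javascript
const crypto = require('crypto');

// Classify key text by its markers, mirroring the cases in this thread.
function classifyKey(text) {
  const t = text.trim();
  if (/^ssh-rsa\s/.test(t)) return 'ssh-public-key';
  if (t.includes('-----BEGIN OPENSSH PRIVATE KEY-----')) return 'openssh-private';
  if (t.includes('-----BEGIN ENCRYPTED PRIVATE KEY-----')) return 'encrypted-pem';
  if (t.includes('-----BEGIN RSA PRIVATE KEY-----')) {
    return /^Proc-Type:\s*4,ENCRYPTED/m.test(t) ? 'encrypted-pem' : 'rsa-pem';
  }
  return 'unknown';
}

// Return the JSON string literal for the config file, or throw with a reason.
// Assumption: only the unencrypted "BEGIN RSA PRIVATE KEY" form is accepted.
function toConfigValue(text) {
  const kind = classifyKey(text);
  if (kind !== 'rsa-pem') {
    throw new Error(`unusable as rsaPrivateKey (${kind}): need an unencrypted RSA PEM`);
  }
  let key;
  try {
    key = crypto.createPrivateKey(text); // confirms the body parses as a private key
  } catch (e) {
    throw new Error('RSA PRIVATE KEY header present, but the body is not a private key');
  }
  if (key.asymmetricKeyType !== 'rsa') throw new Error('not an RSA key');
  return JSON.stringify(text.trim()); // real line breaks become \n escapes
}

// Constructed samples: a throwaway key generated here plus placeholder bodies.
function demo() {
  const pem = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
  }).privateKey;
  const head = '-----BEGIN RSA PRIVATE KEY-----\n';
  const tail = '\n-----END RSA PRIVATE KEY-----';
  const samples = {
    good: pem,
    encrypted: head + 'Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA' + tail,
    publicKey: 'ssh-rsa AAAAB3NzaC1yc2E= my@email.com',
    publicInPrivateWrapper: head + 'AAAAB3NzaC1yc2E=' + tail,
  };
  const out = {};
  for (const [name, text] of Object.entries(samples)) {
    try { out[name] = toConfigValue(text); } catch (e) { out[name] = 'ERROR: ' + e.message; }
  }
  return { pem, out };
}
```

The value returned for the good key is already quoted and escaped, so it can be pasted as-is after "rsaPrivateKey": in the JSON config; the key generated in demo() is a throwaway and should not be reused.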

Thanks @eduardoboucas.

P.S. I can finally understand why you insist on that complicated command instead of the simpler one suggested in #219 (comment).

@VincentTam I think you have misunderstood my intentions here. I am not insisting on anything. I am just trying to understand what’s going on.

Now that I understand that the RSA key has nothing to do with GitHub, then yes, it makes more sense to ignore GitHub’s documentation on the matter and just create it in PEM format in the first place. I’ll update my article.

Yes, absolutely! Feel free.

@robinmetral Port 80 shouldn’t be a problem as long as something else (like Apache) isn’t already using it. I used port 8080 and used Apache as a proxy.

I’m working on my own write up to describe how I set everything up. Some issues I faced weren’t the fault of Staticman itself.

@eduardoboucas would you like a PR to improve the docs/README on how to host one’s own instance of Staticman? It would help people not to keep making the same mistakes

That would be super useful, thanks! Perhaps https://staticman.net/docs/api would be the best place for that information? Repo is here: https://github.com/eduardoboucas/staticman.net

Thanks for your replies and help @gabeluci @VincentTam!

Actually my mistake was to try to use port 80 like in the config.sample.json. It might be Linux, but I had to change it to a four-digit port number.

@eduardoboucas would you like a PR to improve the docs/README on how to host one’s own instance of Staticman? It would help people not to keep making the same mistakes 😉

For @robinmetral’s first question, I keep the newlines in the form of a JSON-friendly string, as described in the linked PR as well as the linked blog article by Flying Grizzly.

The roles of the PEM key in Staticman are to safely commit confidential information into the Git repo, and to provide authentication in case of authenticated comments.

A Staticman API instance’s authority to act on behalf of the associated GitHub and/or GitLab dummy account comes solely from the GitHub and/or GitLab token stored in the server-side API config file.

Just to make sure I haven’t made any errors:

  • Did you also replace with \n the line breaks between the key’s body and the first and last dashed lines -----BEGIN...

I just removed all the line breaks. I didn’t replace them with ‘\n’, I just removed them.

The first and last lines with the dashes and “BEGIN…”/“END…” need to stay.

  • Did you have to add the .pem key to your Github account?

No. I had added the key already so I didn’t add it again. The new .pem file is the same key, just stored in a different format, so you don’t need to add it to GitHub again.

Here’s another self-hosting guide on a remote host: https://www.datascienceblog.net/post/other/staticman_comments/

The setup may be helpful.

You may also consult a recently created Staticman instance on Framagit and its source code for a successful setup. (public key included)

It seems to be an RSA key error. While setting up @staticmanlab, my own Staticman API instance (so as to test Staticman’s native GitLab support), I found this article very useful. Hope this helps your setup.