Error: error:0909006C:PEM routines:get_name:no start line - node

13

83

I have cloned this repo (https://github.com/docusign/code-examples-node) and believe I have entered all required keys and codes. But, when I try to authenticate with JWT I get this error:

    at Sign.sign (internal/crypto/sig.js:105:29)
    at Object.sign (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\jwa\index.js:152:45)
    at Object.jwsSign [as sign] (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\jws\lib\sign-stream.js:32:24)
    at Object.module.exports [as sign] (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\docusign-esign\node_modules\jsonwebtoken\sign.js:189:16)
    at generateAndSignJWTAssertion (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\docusign-esign\src\ApiClient.js:62:16)
    at exports.requestJWTUserToken (C:\Users\BrownJ3\Documents\repos\code-examples-node\node_modules\docusign-esign\src\ApiClient.js:890:19)
    at _DsJwtAuth._getToken [as getToken] (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\DSJwtAuth.js:85:33)
    at log (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\DSJwtAuth.js:174:33)
    at _DsJwtAuth.DsJwtAuth.login (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\DSJwtAuth.js:184:5)
    at commonControllers.login (C:\Users\BrownJ3\Documents\repos\code-examples-node\lib\commonControllers.js:36:16) {
      library: 'PEM routines',
      function: 'get_name',
      reason: 'no start line',
      code: 'ERR_OSSL_PEM_NO_START_LINE'
    }
Les answered 22/7, 2020 at 9:10 Comment(0)
71

What this typically means is that the PEM file is missing the indicator that the key portion has begun.

PEM files are structured like this:

Initial data to be processed

-----Begin <Type>-----

Key Information

-----End <Type>-----

The standard for these files can be found here: https://www.rfc-editor.org/rfc/rfc7468

Can you confirm whether the -----Begin / End lines are present in the PEM file you're using? Please don't post the actual file here. If they are present in the PEM, we're going to want to have you open a support case with DocuSign so we keep any necessary private data for troubleshooting private.

Scagliola answered 22/7, 2020 at 20:29 Comment(4)
Now I use the PEM file instead of the CRT and it works ... - Zagazig
I have the start line but still get the error. -----BEGIN CERTIFICATE----- - Trysail
If you end up here and this answer doesn't help you, consider ensuring that the file you are reading is accessible (i.e. no perms issues) - Pga
I have a Windows machine. Where do I find this PEM file? - Skite
23

If you indeed have a valid PEM structure, as @Matt King DS suggested, but you still get this error, it is likely that newlines are causing the error.

If you are using dotenv then from documentation:

Multiline values

If you need multiline variables, for example private keys, those are now supported (>= v15.0.0) with line breaks:

    PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
    ...
    Kh9NV...
    ...
    -----END RSA PRIVATE KEY-----"

Alternatively, you can double quote strings and use the \n character:

    PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nKh9NV...\n-----END RSA PRIVATE KEY-----"

AWS lambda

I also encountered this error in AWS Lambda. Here the above approach didn't work for me. I had to have the env variable in Lambda without double quotes, with \n instead of newlines, and in code I had to replace \\n by \n, like this:

process.env.MY_PRIVATE_KEY.replace(/\\n/g, '\n')
Hymnody answered 12/9, 2022 at 8:51 Comment(5)
Saved my life, thanks. Especially the Lambda part. It's valid for ELB-backed NodeJS (NestJS) in my case as well. Private key strings need to be replaced by \\n. None of the container or Datadog logs are showing this. - Glasgow
👍🏻 for AWS suggestion, saved my day - Katelin
Same for me with GitHub Actions using PEM in secrets 🤦‍♂️ - Grubbs
Doing the replacement is also necessary for Vercel. - Demodulator
Unsurprisingly, same for Heroku env var. No quotes, replace newlines - Demarco
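The checks raised in the answers above (start line present, matching END label, a private key rather than a certificate, literal \n escapes left by an environment variable), as an added Node.js example that is not part of any answer or of the DocuSign repo. The helper names `diagnosePem`, `loadSigningKey` and `canParse` are hypothetical, and the key is a throwaway generated on the spot as constructed sample input.

```javascript
const crypto = require('crypto');

// Classify a PEM string by structure only; the key material is never logged.
function diagnosePem(value) {
  if (typeof value !== 'string' || value.trim() === '') return 'empty';
  const begin = /-----BEGIN ([A-Z0-9 ]+)-----/.exec(value);
  if (!begin) return 'no-start-line'; // e.g. four dashes instead of five
  if (!value.includes(`-----END ${begin[1]}-----`)) return 'end-label-mismatch';
  if (!begin[1].endsWith('PRIVATE KEY')) return 'not-a-private-key'; // cert or public key
  if (value.includes('\\n')) return 'escaped-newlines'; // backslash + n, not a line break
  return 'ok';
}

// Hypothetical loader: undo env-var escaping, then let OpenSSL parse the key.
function loadSigningKey(value) {
  const status = diagnosePem(value);
  if (status !== 'ok' && status !== 'escaped-newlines') {
    throw new Error(`signing key rejected: ${status}`);
  }
  return crypto.createPrivateKey(value.replace(/\\n/g, '\n'));
}

// True when Node/OpenSSL accepts the string as a private key as-is.
function canParse(value) {
  try { crypto.createPrivateKey(value); return true; } catch (e) { return false; }
}

// Constructed sample input: a throwaway RSA key generated for this demo.
const { privateKey: samplePem } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
// What a single-line environment variable often holds: "\n" as two characters.
const escapedPem = samplePem.replace(/\n/g, '\\n');

console.log(diagnosePem(samplePem), canParse(samplePem));
console.log(diagnosePem(escapedPem), canParse(escapedPem));
const key = loadSigningKey(escapedPem);
const sig = crypto.sign('sha256', Buffer.from('demo'), key);
console.log('signature bytes:', sig.length);
```

Running the diagnosis at startup, before the first signing call, turns the opaque OpenSSL error into a specific cause without writing the key to logs.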
20

You can validate your certificate here: https://www.sslchecker.com/certdecoder.

In my case, I pasted it wrongly and missed one dash:

- -----BEGIN CERTIFICATE-----
+ ----BEGIN CERTIFICATE-----

Please note the first five dashes are critical.

Caution

If you don't want to paste into an unknown site, you can try the following command instead, thanks to @Adrian Gonzalez:

openssl x509 -in <cert-name>.pem -noout -text
Chiclayo answered 28/12, 2020 at 11:8 Comment(3)
I am a bit concerned about using an unknown site to paste a sensitive private key into; there is no guarantee they won't abuse it. But please do correct me if I am wrong on this. - Hesperides
Yeah, do not use this. You can try this instead on your local machine to verify it's a valid certificate; it will output the same info as the website: 'openssl x509 -in <cert-name>.pem -noout -text' - Slain
If it were a certificate, it wouldn't be sensitive, but the Q was about nodejs.crypto.Sign.sign, which takes a private key, and (@AdrianGonzales) openssl x509 won't work on a private key, nor will that website (although some others will, like lapo.it/asn1js); openssl pkey [-noout] [-text] will, and there are other subcommands that work for some keys but not all. - Sienna
18

If using docker, I have some observations.

  1. Try to make .env values plain text. Not string literal.
  2. When getting the item to code, replace '\\n' with '\n'
Ferroelectric answered 11/10, 2021 at 6:1 Comment(1)
I wish I could upvote every time this helps me. - Isolative
5

If you have this problem with Angular CLI then ensure that your ssl key paths are valid.

Had the same problem when running :

ng serve --ssl true --ssl-cert ./ssl/server.crt --ssl-key ./ssl/server.key

and it turned out my paths were invalid.

Rounds answered 22/9, 2022 at 12:21 Comment(0)
3

I solved it by just running the following lines of code. This can be run anywhere in order to turn the normal \n into actual newlines '\n'

    let jWtstring = 'your_JWT_string'
    // replace() returns a new string, so keep the result
    jWtstring = jWtstring.replace(/\\n/g, '\n')

After you get the newly line-entered JWT key, you can paste it to SSM or perform the next steps as you wish.

Allude answered 19/10, 2022 at 7:54 Comment(0)
1

Try to delete .nprm from -->

C:\Users{username}

then it will work fine

Vanettavang answered 30/1, 2022 at 7:47 Comment(0)
1

For the angular version 14.2.8 use following commands.

ng serve --ssl "Your_project_name" --ssl-key "path_of_key" --ssl-cert "path_of_your_certificate"

Example: if your key and certificate are on the same drive, C://your_key or C://your_certificate

Lesterlesya answered 8/11, 2022 at 12:44 Comment(0)
1
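    const fs = require('fs')
    const https = require('https')

    // Example port; the original snippet did not define PORT
    const PORT = 8443

    https.createServer(
        {
            // Pass the PEM file contents, not the file names
            key: fs.readFileSync('key.pem'),
            cert: fs.readFileSync('cert.pem'),
        }
    ).listen(PORT, () => {
        console.log(`server is running on https://localhost:${PORT}`);
    })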

You need to load the file key.pem with readFileSync, which belongs to the fs module, before assigning it to "key".

https.createServer: https://nodejs.org/api/https.html#httpscreateserveroptions-requestlistener
fs.readFileSync: https://nodejs.dev/en/learn/reading-files-with-nodejs/

Consumer answered 12/12, 2022 at 11:32 Comment(1)
Please, use link formatting: [link](url) - Athos
0

you have to use

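    const NodeRSA = require('node-rsa');

    // b is the key size in bits; 512 is too small for anything beyond a quick test
    const key = new NodeRSA({ b: 512 });
    let keypair = {
        private: key.exportKey(),
        public: key.exportKey("public")
    };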

this private key at the time of signing token with RSA

Anneal answered 7/12, 2022 at 10:42 Comment(0)
0

In my case it turned out that a pem with

-----BEGIN TRUSTED CERTIFICATE----
....
-----END TRUSTED CERTIFICATE-----

but this worked however :

-----BEGIN CERTIFICATE----
....
-----END CERTIFICATE-----

To "fix" the header you can run :

openssl x509 -in old.pem -out new.pem
Unknowable answered 25/6 at 15:16 Comment(0)
-2

If you are just using it as a sandbox project, you can use (without a private key):

var jwt = require('jsonwebtoken');
var token = jwt.sign({ foo: 'bar' }, 'shhhhh');

If not as a sandbox, you have to generate a privateKey.

You can see it in the jsonwebtoken docs: https://www.npmjs.com/package/jsonwebtoken

Aleksandropol answered 15/1, 2022 at 0:38 Comment(0)
-2

I have exactly the same issue on my M1 Mac Pro.

Solved my problem by:

  1. Search for your .npmrc file and delete it:
     sudo find ~ -type f -name '*npmrc'
     rm -rf /Users/<user>/.npmrc
  2. Do some classics like:
     npm cache verify
     npm cache clear --force
  3. Finally use the npm install
Sunken answered 27/7, 2022 at 14:25 Comment(0)
