invalid byte sequence in UTF-8 on encrypted binary #124
Comments
Follow up: This occurs on CentOS 6.4/7.0 and ruby-2.0.0.353-20.el7.x86_64.
|
Hi @djtecha. Do you have a suggestion for how we should handle this case? Perhaps catch the exception and not decrypt that particular block? It would be quite dangerous to spit out binary data into an editor IMHO. I'm curious as to what you are using this for? A keystore or similar? Simon |
So, my use case was we needed to encrypt a binary file from Google so that we could pass it via Puppet and not worry about someone intercepting the code, as they wouldn't have the proper keys to decrypt it. I don't really have any suggestions for how this should work, but am curious as to the proper way for encrypting binary files? As I used the described method found here: https://github.com/TomPoulton/hiera-eyaml/blob/master/features/encrypts.feature |
Has anyone found a workaround for this? Just ran into this myself. |
Well, you can output the binary block then drop that in a file. The decryption should match your original md5sum, but you can no longer edit that file. I just included them in my hiera tree. |
I am running into this problem. I tried this in my eyaml:
Is that what djtecha was suggesting? Anyone see any security risk involved? I checked the result, and it does seem to be in binary, but the md5sums don't match. |
I found a workaround that can be implemented two ways, for those that need a way around this: 1 - base64 encode the binary manually:
2 - store the base64 text in your yaml and convert it to eyaml so it's encrypted
Alternatively, if you want to control permissions and other things, you can use (untested):
|
For decoding a base64 encoded string, you can also use the base64 function from Puppet's stdlib. See: https://forge.puppet.com/puppetlabs/stdlib
|
Thanks! That worked great. |
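The workaround discussed in the comments above, as an added Ruby example that is not hiera-eyaml's code and not from any commenter: raw binary fails a UTF-8 regexp scan with the same error message as in this issue, while a Base64 wrapper scans cleanly and decodes back to identical bytes. The sample bytes and the `ENC_TOKEN` pattern are constructed for illustration, and the eyaml encryption step itself is not shown.

```ruby
require 'digest'

# Constructed sample: bytes that are not valid UTF-8, standing in for a binary file.
SAMPLE_BINARY = "\x00\xFF\xFE\x80keystore\xC3\x28\x9F".b

# Hypothetical stand-in for a text parser that scans a file for ENC[...] tokens.
ENC_TOKEN = /ENC\[(\w+),([^\]]*)\]/

# True if the bytes survive a UTF-8 regexp scan without raising.
def scannable_as_text?(bytes)
  text = bytes.dup.force_encoding(Encoding::UTF_8)
  text.match?(ENC_TOKEN)
  true
rescue ArgumentError # "invalid byte sequence in UTF-8"
  false
end

# Wrap binary as single-line Base64 (same output as Base64.strict_encode64).
def wrap_binary(bytes)
  [bytes].pack('m0')
end

# Strict decode: raises ArgumentError on line breaks or non-alphabet characters.
def unwrap_binary(text)
  text.unpack1('m0')
end

# Compare digests of the original and the decoded copy, as one would with
# a checksum tool on the files; false if the stored text no longer decodes.
def round_trip_ok?(original, stored_text)
  decoded = unwrap_binary(stored_text)
  Digest::SHA256.digest(decoded) == Digest::SHA256.digest(original)
rescue ArgumentError
  false
end

if __FILE__ == $PROGRAM_NAME
  wrapped = wrap_binary(SAMPLE_BINARY)
  puts "raw scannable:     #{scannable_as_text?(SAMPLE_BINARY)}"
  puts "wrapped scannable: #{scannable_as_text?(wrapped)}"
  puts "round trip ok:     #{round_trip_ok?(SAMPLE_BINARY, wrapped)}"
end
```

The decoded secret is only as protected as the place it is written to, so the consumer that decodes it should also set the file's owner and mode.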
After encrypting a binary file and placing the blob into the eyaml file using yum, all eyaml edits to the file fail with the following:
[hiera-eyaml-core] !!! invalid byte sequence in UTF-8
'"][hiera-eyaml-core] ["/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:45:in `match?'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:45:in `block in parse_scanner'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:44:in `each'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:44:in `find'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:44:in `parse_scanner'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/parser/parser.rb:36:in `parse'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/subcommands/edit.rb:57:in `execute'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/lib/hiera/backend/eyaml/CLI.rb:45:in `execute'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/gems/hiera-eyaml-2.0.3/bin/eyaml:13:in `<top (required)>'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/bin/eyaml:23:in `load'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/bin/eyaml:23:in `<main>'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/bin/ruby_noexec_wrapper:14:in `eval'",
"/usr/local/rvm/gems/ruby-2.0.0-p247/bin/ruby_noexec_wrapper:14:in `