XML import private key data

Hello,

I tested with RDM 14.1.3 if I import a Private Key using the XML file it works. I just add the content of my private key between <SafePrivateKeyData> and </SafePrivateKeyData>.

Also add the line <PrivateKeyType>Data</PrivateKeyType> to import the private key as Data in the database.

Best regards,

Were you able to successfully use that key?

I also tried the same thing with 14.1.3.0, here's what I found:

So it seems to me like it's silently ignoring the data in this element, presumably when it's not encrypted in the right format.

Here's what I'm importing:


<Connection>
<Credentials>
<CredentialType>PrivateKey</CredentialType>
<PrivateKeyType>Data</PrivateKeyType>
<SafePrivateKeyData>PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20190205
Public-Lines: 6
AAAAB3NzaC1yc2EAAAABJQAAAQEApu8xH5K3AO0MDyKBUikPZVVXn9l5Vyui8z/1
rUtYthkLVr5Abu3gP2LOEdA/FTBY3QMZF9FmyNL8Fu+qGdf0+l4Ftve3fNxaWVF3
6om6vsX5NHNN3F2/iudUIqrkWj6kxvRlhCoGDVh1NAq8WLl9wN5+l3tdGIhKoRx/
XbUb/wpoaljR3m0pLQGlHrEUaZkbutCsaiBc8yigWLUvGH+tUWtetN6HVKfV1f8J
R1FXA3RVljnoM0tKV36WN+50RHdvsunta8rZoSJueU0KU6T8NVup78HvsI4zqAin
JLkOVdzDoMuRR9qBHHeQ1kKVsKSuG0e2fpfHONREbT03cv1n/Q==
Private-Lines: 14
AAABAQCd6S53z/k4Oi4AepYBnHZY791ELpVgS99Uzcy4rw66F7DHrQyEm9QgSLUX
xP1nEg7e50FAC0WNiU9T93dkjgNpX9vkbck+wpqnhGqD6hGEB2FbIPagBadZ4b5K
TqCoZMViQSHCNZcFtIqLLMAA5tDm4E48RENOjsMix+4aXzYomZf2rgY9lhR25eaS
WRE1EzNA+Qs1J5t+TwekiGs0SiKMLtp41a525dU035CfTHHm7gD01uE4fAPuMJk/
E8kFUN8YXrnFLtWXlGQ5IWayvn/x4+C9fl0lDfZrlLrVYHnZRY1B/MY/s20IZOJh
BQr3SRgKYogcatI4zhTnNiz+fvARAAAAgQD0L5CSSjE0Pxxmw7H06Gt1avM7uudh
UWDsALqVBsyNaZFt9FtKGNDgQrA+dnEW6ce8L27L1QDlsBJiQ9wwSkoiXmdVE0ot
MsAUvVle/mDHkx7DPoMktzBUJC1P0Fsa33XwpwBZDQHE2SDz0hOlILAW+3QPs2dH
dZAbw/+u3JAbvwAAAIEArwLOc38Ds2jjk8BJMeKro1RSghfx2ukNwjUD/NpsEVOo
aOGv+dQXMXFbI00Lx7CFHAwxGFXHSo5dZhB5sUxUJvjrQayfnr+DpqQg0Q1WP6nW
+Rwfm7TwBuY+HMqRj+h8YjexX1aXZkHHZI79uRWCv4nghJ6FDz4Sh5ePO8PnG0MA
AACBAO59SwtJO6SXc60crJmHVNo6QP5pBRXfr2esO1fUBWIPAq8q+D0Bs0CmzM7j
iC61VkGD8/knoQkxkhGSgXdTNdoIUFI3nC0b35LXUNGBuO+uqGr/dTWnRFTGUnUB
NTn0E3u7xDL30NebY6VdWTNnMkF6Ny7qdyuiFvRhAYzI8ht0
Private-MAC: 9e44de96036941cb97432251fa2002f1423cfd43</SafePrivateKeyData>
</Credentials>
<ConnectionType>Credential</ConnectionType>
<CreatedBy>Import</CreatedBy>
<CreationDateTime>2019-02-07T02:01:37</CreationDateTime>
<Group>Test</Group>
<ID>e4286ade-4dbf-4099-be0e-df50d5631bb6</ID>
<Name>Test key</Name>
</Connection>

(Note this particular key is a fake one I just generated for the purposes of this test)

If I edit the entry using the RDM UI, and paste the exact key contents in (which I had between the SafeImportKey), everything works fine.

Hi,

I had a chat with the engineering department and what you think is exact. RDM is able to import the Private Key Data, therefore the information is not encrypted in an encryption field so they are not valid.

I'm not sure if we have the possibility to import Private Key, I will have to do further tests.

Before doing further tests, could you detail if you are trying to migrate private keys from another software to RDM and how many entries are you looking to import?

Best regards,

I'm trying to automate importing instances from AWS, and wanted to distribute a single XML file (and potentially generate it/host it from a web server with its own security controls). Right now I have to distribute either the app to generate the xml or the xml file (haven't decided yet) PLUS all the certificates necessary.

I did look at the EC2 Synchronizer, but it doesn't look like it works for this:

Hi,

If we add a <ClearPrivateKeyData> field when importing with XML, could this help?

Once the entry is imported, RDM will convert the field for <SafePrivateKeyData>.

As my Maurice mentioned on the other topic with you, we currently support only Putty Private Key.

Best regards,

@David Yes, that would be perfect!

Separately, it would be nice if it'd support PEM format keys and automatically convert (even when importing from the UI) as AWS in particular exports PEM keys, and this would let you import them directly to RDM, without having to manually convert via puttygen or whatever first.

Thanks for your feedback, I will transfer this topic as a feature requests to the engineering department as a follow up our internal ticket number is RDMW-2089.

Regarding the PEM key, we have this on our to do list.

Regards,