passport:install error (openssl_pkey_new(): private key length is too short; it needs to be at least 384 bits, not 0)

Created on 10 Jul 2018  ·  13Comments  ·  Source: laravel/passport

Following the documentation for Laravel 5.6, I tried to run php artisan passport:install, but an error occurred:

openssl_pkey_new(): private key length is too short; it needs to be at least 384 bits, not 0

at /var/www/core-application/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php:560
556| $config = array();
557| if (isset($this->configFile)) {
558| $config['config'] = $this->configFile;
559| }
560| $rsa = openssl_pkey_new(array('private_key_bits' => $bits) + $config);
561| openssl_pkey_export($rsa, $privatekey, null, $config);
562| $publickey = openssl_pkey_get_details($rsa);
563| $publickey = $publickey['key'];
564|

Exception trace:

1 openssl_pkey_new(["4096", "/var/www/core-application/vendor/phpseclib/phpseclib/phpseclib/Crypt/../openssl.cnf"])
/var/www/core-application/vendor/phpseclib/phpseclib/phpseclib/Crypt/RSA.php:560

2 phpseclib\Crypt\RSA::createKey("4096")
/var/www/core-application/vendor/laravel/passport/src/Console/KeysCommand.php:35

Seems to be a problem with the latest release (6.0.4). Using passport 6.0.3 instead fixed the issue for me.

picture evandromurilo
👍7

Most helpful comment

I got the same error few hours ago and found out that the length of the key assigned to the cmd is 4096.
And for some reason the phpseclib is giving error on that.

So I tried something lower and it worked. I used 256.

php artisan passport:install --length=256
picture JosephNC on 10 Jul 2018
👍8

All 13 comments

I had the same issue. Had to hardcode the bit value (remove the IF statement)
temporary fix

DREWtheBAWS picture DREWtheBAWS on 10 Jul 2018

I got the same error few hours ago and found out that the length of the key assigned to the cmd is 4096.
And for some reason the phpseclib is giving error on that.

So I tried something lower and it worked. I used 256.

php artisan passport:install --length=256
JosephNC picture JosephNC on 10 Jul 2018
👍8

It seems we are passing a string instead of an int to RSA::createKey. I have created a pull... https://github.com/laravel/passport/pull/758

donovanhare picture donovanhare on 10 Jul 2018

Having the same issue; just spent a good while googling around looking for answers with no luck. Solution from @JosephNC worked great. thanks!

EDIT: I decided to downgrade to 6.0.3 because the Oauth Token grant did not work either. Was getting:

digest too big for rsa key errors when trying to use the password grant type. Downgrading resolved this problem.

drmmr763 picture drmmr763 on 10 Jul 2018
👍4

There was an error while creating the signature: error:04075070:rsa routines:RSA_sign:digest too big for rsa key
how did you solve this? @drmmr763

aungmyokyaw97 picture aungmyokyaw97 on 11 Jul 2018

@aungmyokyaw97 above @JosephNC has posted a temporary solution.

Edit: That solves the CLI issue but some people are having issues with Client Password Grants which is probably related to this.

Braunson picture Braunson on 11 Jul 2018

@Braunson there appears to be an additional issue even after getting through the php artisan cli command. When issuing a client password grant there is a similar error in the oauth/token endpoint. I can open a separate issue on that if needed but since it seemed related to this I haven't done that yet.

@aungmyokyaw97 I wasn't able to fix in 6.0.4. I rolled back to 6.0.3 by updating my composer.json.

drmmr763 picture drmmr763 on 11 Jul 2018
👍3

@drmmr763 @aungmyokyaw97 It sounds like you've hit the limit of @JosephNC's solution - the key that has been generated is too small.

You will need to generate a key of sufficient length. Use #758 then php artisan passport:key --force.

Edit: #758 has been merged. composer update then php artisan passport:key --force if needbe.

donovanhare picture donovanhare on 11 Jul 2018
👍21

Still present on a forge provisioned server..

fwartner picture fwartner on 13 Jul 2018

@fwartner are you sure you're running passport v6.0.5?

If so, have you tried regenerating your keys?

donovanhare picture donovanhare on 13 Jul 2018

Either way @Donovan-H the new version still gives an error even after casting int and generating the keys successfully, I run into other errors when creating tokens for users with the createToken() method.
~Don't know if others have experienced that.~

The error was digest too big for rsa key @drmmr763 👍

I reverted to the previous version and will move forward when the new version is stable and seems to work well.

JosephNC picture JosephNC on 13 Jul 2018

@JosephNC that error suggests that the RSA key being used is too small. What is the length of the key you are using?

I can't seem to replicate this behaviour with a fresh laravel-passport installation. Could you provide some steps to reproduce and full error messages?

donovanhare picture donovanhare on 14 Jul 2018

Closing this issue because it's already solved, old or not relevant anymore. Feel free to reply if you're still experiencing this issue.

driesvints picture driesvints on 15 Oct 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

aluferraz picture aluferraz  ·  3Comments
Patskimoto picture Patskimoto  ·  3Comments
parth-vora-7 picture parth-vora-7  ·  4Comments
andcl picture andcl  ·  3Comments
seriousjelly picture seriousjelly  ·  3Comments