I have the key -----BEGIN PRIVATE KEY-----nnwb945yptghjs8hg45954hg945hn/gsnohuoi5gh549usgh5498gh4p95sognosgn54ui3ghns459uigh54g98s45ghy4598ngkeot84n-----END PRIVATE KEY----- (for illustration purposes) and when running jws.sign() on my home computer it works as expected.
However, when I store the secret in AWS Secrets Manager and retrieve it in a container on EC2, even after confirming (by logging it) that it looks the exact same way, I get a Could not deserialize key data error, or more specifically InvalidData(InvalidByte(0, 92)).
Byte 92 is the "\" character, so the issue seems to lie in Jose treating the "\n" as literals instead of new lines for some reason. How do I fix that?
2 Answers
What was suggested fixed that specific issue, but I kept getting failure to deserialize errors, despite it working fine retrieving and using the same key on my local PC. What ended up fixing it is replacing new lines with spaces when storing it in AWS and then re-building it programmatically, like so
Still don't know what could cause such an issue but this works.
The reason is newline characters (\n) being treated as literal strings instead of actual line breaks when retrieved from AWS Secrets Manager. This can happen because AWS Secrets Manager stores the secret as a single string, which may cause the newline characters to be escaped.
One possible solution is to replace the literal \n characters with actual newline characters after retrieving the secret and before using it with jws.sign().
OR you can also use "formatted_key" when signing your data
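Both answers come down to rebuilding the PEM text after retrieval. The following is an added example, not code from either answer: the hypothetical helper normalize_pem() accepts a key whose line breaks arrived as literal \n sequences, as spaces, or as CRLF, and returns a canonical PEM string to pass to jws.sign(). The sample body is constructed filler bytes, not a real key.

```python
import base64
import re

# Matches one PEM block; the END label must equal the BEGIN label.
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)


def normalize_pem(raw: str) -> str:
    """Rebuild a PEM block whose line breaks were mangled in storage."""
    # Escaped sequences (a backslash, byte 92, followed by n or r) become
    # real whitespace. Backslash is not in the base64 alphabet, so this
    # cannot damage a valid key body.
    text = raw.replace("\\r", "").replace("\\n", "\n")
    match = _PEM_RE.search(text)
    if match is None:
        raise ValueError("no matching PEM BEGIN/END markers found")
    label, body = match.group(1), match.group(2)
    # Drop every whitespace character: spaces, tabs, CR and LF.
    b64 = re.sub(r"\s+", "", body)
    try:
        base64.b64decode(b64, validate=True)
    except ValueError as exc:
        # Report the failure without echoing key material into logs.
        raise ValueError("PEM body is not valid base64") from exc
    # Re-wrap at 64 characters per line, the conventional PEM layout.
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(
        [f"-----BEGIN {label}-----", *lines, f"-----END {label}-----", ""]
    )


# Constructed sample data: 100 filler bytes, not a usable key.
_BODY = base64.b64encode(bytes(range(100))).decode()
CANONICAL = "\n".join([
    "-----BEGIN PRIVATE KEY-----",
    _BODY[:64], _BODY[64:128], _BODY[128:],
    "-----END PRIVATE KEY-----", "",
])
ESCAPED = CANONICAL.replace("\n", "\\n")  # newlines stored as literal \n
SPACED = CANONICAL.replace("\n", " ")     # newlines stored as spaces

if __name__ == "__main__":
    for name, value in (("escaped", ESCAPED), ("spaced", SPACED)):
        print(name, "->", normalize_pem(value) == CANONICAL)
```

To confirm that two copies of a key match without logging the key itself, compare a hash or the length of the normalized strings.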