Attempting to upload private key should auto-convert it into public
Bug #1790631 reported by
Sebastian Nielsen
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Instead of telling:
"This is a private key. You must upload your public key instead."
it should instead convert the key to a public one.
A private key contains enough information to calculate the public one, so its certainly possible to create a SSH public key out of a private one.
thus, if a user attempts to upload the private one, just convert it and accept the upload.
Revision history for this message
| Daniel Manrique (roadmr) wrote | #1 |
| Changed in canonical-identity-provider: | |
| status: | New → Won't Fix |
To post a comment you must log in.
I understand your rationale, but we don't want to accept, store or in any way manipulate user's private keys. I think rejecting it is reasonable. It at least forces the user to scratch their head, wonder what they did wrong, and maybe read up a bit on public key encryption, rather than us perpetuating a misconception by doing magic.
Thanks for reporting this!