do_convert_from_pkcs8: /dev/fd/63 不是可识别的 public 密钥格式
do_convert_from_pkcs8: /dev/fd/63 is not a recognised public key format
我正在尝试使用以下脚本检索我的 PIV 密钥:
getPIVkey.sh
NAME=`security find-certificate | grep PIV | sed 's;keychain:";;g' | sed 's;";;g'`
echo $NAME
ssh-keygen -i -m pkcs8 -f <(security find-certificate -p "$NAME" | openssl x509 -noout -pubkey)
在 Mac OS High Sierra 10.13.4 上。我得到:
./getPIVPub.sh
keychain: PIV-Bill K Brown (piv)
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
unable to load certificate
140735828857800:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: TRUSTED CERTIFICATE
do_convert_from_pkcs8: /dev/fd/63 is not a recognised public key format
您的第一个 sed 命令中似乎缺少 space,位于 keychain: 和引号之间。所以你设置 NAME 变量的命令应该是
NAME=`security find-certificate | grep PIV | sed 's;keychain: ";;g' | sed 's;";;g'`
使用改进的 sed 命令,NAME 的(打印)值不应再以 keychain: 开头,而只包含名称。
由于 NAME 中的错误值,第二个 security find-certificate 命令失败,因此输出 The specified output could not be found in the keychain.。之后执行的命令也会失败。
仅供参考,在 Why does process substitution result in a file called /dev/fd/63 which is a pipe?
问题的答案中解释了引用 /dev/fd/63 的原因
我正在尝试使用以下脚本检索我的 PIV 密钥:
getPIVkey.sh
NAME=`security find-certificate | grep PIV | sed 's;keychain:";;g' | sed 's;";;g'`
echo $NAME
ssh-keygen -i -m pkcs8 -f <(security find-certificate -p "$NAME" | openssl x509 -noout -pubkey)
在 Mac OS High Sierra 10.13.4 上。我得到:
./getPIVPub.sh
keychain: PIV-Bill K Brown (piv)
security: SecKeychainSearchCopyNext: The specified item could not be found in the keychain.
unable to load certificate
140735828857800:error:0906D06C:PEM routines:PEM_read_bio:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/crypto/pem/pem_lib.c:704:Expecting: TRUSTED CERTIFICATE
do_convert_from_pkcs8: /dev/fd/63 is not a recognised public key format
您的第一个 sed 命令中似乎缺少 space,位于 keychain: 和引号之间。所以你设置 NAME 变量的命令应该是
NAME=`security find-certificate | grep PIV | sed 's;keychain: ";;g' | sed 's;";;g'`
使用改进的 sed 命令,NAME 的(打印)值不应再以 keychain: 开头,而只包含名称。
由于 NAME 中的错误值,第二个 security find-certificate 命令失败,因此输出 The specified output could not be found in the keychain.。之后执行的命令也会失败。
仅供参考,在 Why does process substitution result in a file called /dev/fd/63 which is a pipe?
问题的答案中解释了引用/dev/fd/63 的原因