Error: PEM_read_bio_PUBKEY after upgrade to Node 10.10

[YangYu000]

• Version: v10.10.0
• Platform: Linux 4.9.0-8-amd64 deps: update openssl to 1.0.1j #1 SMP Debian 4.9.110-3+deb9u4 (2018-08-21) x86_64 GNU/Linux (actually, both Ubuntu and Debian, I have bunch of servers running the service)
• Subsystem: Crypto (I guess)

My code is like

const FS = require('fs');
const JWT = require('jsonwebtoken');
const certPem = FS.readFileSync('./public.pem');
const token = 'xxxx';
JWT.verify(token, certPem, {}, (error, payload) => { ... });

and runs without problem with Node 8 and Node 10.8/10.9 (Ubuntu and Debian, NodeJS offical APT source)

After I upgrade to Node 10.10 yesterday, on JWT.verify throws

Error: PEM_read_bio_PUBKEY failed
    at Verify.verify (internal/crypto/sig.js:122:23)
    at Object.verify (/my/project/path/node_modules/jwa/index.js:89:21)
    at Object.jwsVerify [as verify] (/my/project/path/node_modules/jws/lib/verify-stream.js:54:15)
    at /my/project/path/node_modules/jsonwebtoken/verify.js:116:19
    at getSecret (/my/project/path/node_modules/jsonwebtoken/verify.js:76:14)
    at Object.module.exports [as verify] (/my/project/path/node_modules/jsonwebtoken/verify.js:80:10)

[addaleax]

@nodejs/crypto

[tniessen]

This points to #22553, I'll investigate later.

[tniessen]

@YangYu000 Would it be possible to upload public.pem? Actually, any public key that fails would be enough, it is important to include data surrounding the PEM key though, e.g. whitespace.

[tniessen]

I cannot reproduce this using Node.js 10.9.0 vs 10.10.0 using the code

const assert = require('assert');
const fs = require('fs');
const jwt = require('jsonwebtoken');

const privateKey = fs.readFileSync('./private.pem');
const publicKey = fs.readFileSync('./public.pem');

const token = jwt.sign('Hello world!', privateKey, { algorithm: 'RS256' });
console.log(token);
const payload = jwt.verify(token, publicKey);
console.log(payload);

Valid keys don't produce any errors and any invalid keys I tried produce errors in both versions. It would be helpful to have an example with a key pair that works in previous versions.

[YangYu000]

@tniessen sorry, the pem file in code is confidential and currently using widely in my company business, so I can't show it in public.
But I may generate another for test usage, please wait me for one or two days, thanks.

[tniessen]

@YangYu000 That would be great! As long as the error message pops up, any key pair would be enough.

[tniessen]

Ping @YangYu000.

[YangYu000]

@tniessen Sorry for the delay.
Here's a pem file content ok with node 10.9 and before but fail in 10.10

Bag Attributes
    localKeyID: 21 54 3F 46 7D 44 84 94 F8 7C EE F2 9D 6D 33 1D 27 3E 97 C2
subject=/C=CN/ST=Shanghai/L=Shanghai/O=FungoTec/OU=Tech/CN=Name/emailAddress=edyuy@zmyseries.com
issuer=/C=CN/ST=Shanghai/L=Shanghai/O=FungoTec/OU=Tech/CN=Name/emailAddress=edyuy@zmyseries.com
-----BEGIN CERTIFICATE-----
MIID6DCCAtCgAwIBAgIJAMguk3GtYYASMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD
VQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkxETAPBgNVBAcMCFNoYW5naGFpMREw
DwYDVQQKDAhGdW5nb1RlYzENMAsGA1UECwwEVGVjaDENMAsGA1UEAwwETmFtZTEi
MCAGCSqGSIb3DQEJARYTZWR5dXlAem15c2VyaWVzLmNvbTAeFw0xODA5MjkwMjQw
MjNaFw0xOTA5MjkwMjQwMjNaMIGIMQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hh
bmdoYWkxETAPBgNVBAcMCFNoYW5naGFpMREwDwYDVQQKDAhGdW5nb1RlYzENMAsG
A1UECwwEVGVjaDENMAsGA1UEAwwETmFtZTEiMCAGCSqGSIb3DQEJARYTZWR5dXlA
em15c2VyaWVzLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMY5
M0l1NFMwkwQ8kCgRGD6rZFYPO4GRC6ZfzpEu/ztnFurBH0M4Ifu4JFcuAT+qcQ6I
hFvsADN9mSKtnQVaSzzOAfuLqCiWQ3g1/5gf0lXC2d32iUT7m6f/ZaJ1ZZ0yU/Km
aG2X1BvBR3fW+CpOvSamyLxr/5u3+vl+gLTTv0lRvU7ShVwAFPyeTZ3KmokrPMnP
UlCWakMpzHZb9t0oxlxrUfNkitk5s5F9jNUYZG+fWH+EvB43JnwiUnkAFP3nCvZa
kkX0Z8dQSRtaKPqGApLVY+BWfcjuA4Hz2Cj1BEh8iywtz5A9uoU6Hg1OP66KRy+f
fyx6GhndpJpU0sp+wdcCAwEAAaNTMFEwHQYDVR0OBBYEFFyMaRDETz+7SYnNBlOh
LysLNgSLMB8GA1UdIwQYMBaAFFyMaRDETz+7SYnNBlOhLysLNgSLMA8GA1UdEwEB
/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAE9ovT4y82Z7t15XCB0qILuF0dbu
AHbmMP8+bk9iXTVrQ48NkTvpmVMgHMeBWrR48JdYZDhSdN00OSoihjUXhixUvY+9
dr4cpT3lZZYSBKIhd50TMWjrCnD6lLB4HQpWinrLITfty80YWVDgAobENpwCtMNx
GTs25+XbQgZWrudUQJWHQra2EontAVMMxTjhJBLnWdiKF8wrISCqMoi+ENDvfNtv
elqxoHs6wlzSEE7QEyqozSZPNeRhV6pcaHYHrQtUMCWbAL/YCNXrJrr5WIiNcpBM
R0aaAJjE+3dnz925GZh0e89p5gy9yg/SMWXrJEqUh+sV45k44no3yiTmGrM=
-----END CERTIFICATE-----