I have been successfully running mender-server 2.4.1 for a while now.
I wanted to change one of my devices device-auth keys, and decided to change from previous RSA key to ECDSA secp384r1 keys.
I decommissioned the device.
Now when i use the deviceauth api the server responds “invalid auth request: cannot decode public key”, if i change back to original RSA key it works fine again and the device is pending.
So i went about validating everything to ensure the ECDSA keys are valid, they are. Tried secp256r1 same problem. I then broke out the deviceauth ParsePubKey golang function that looks like the code that’s failing, and when i run this code locally against the public key that i’m sending to the server, it all passes fine.
And this behaviour for me is repeatable in my live cloud instance and my local vm instance all running exactly the same versions and using the exact OS and rootfs. (VM was built from snapshot of cloud disk).
During the process of debugging I decided to checkout 2.4.1 and compile the deviceauth 2.4.1 docker service for myself in the VM with the intent to try and get more debug info on the problem. Before making any changes i rebuilt the deviceauth 2.4.1 image locally and replaced the existing image and container.
and thank you for using Mender.
I really appreciate a detailed description and the tests you have made. Not much I could add. I will have to try to replicate that and come back to you.
I gather that for the time being you are not blocked?