Thread 'main' panicked at 'Error decoding public RSA Key. InvalidKeyFormat': src/auth.rs:40 #1075

New Issue

Closed

opened 2026-02-04 23:50:09 +03:00 by OVERLORD · 1 comment

OVERLORD commented 2026-02-04 23:50:09 +03:00

Owner

Copy Link

Originally created by @KnightTim on GitHub (Jul 11, 2021).

Subject of the issue

After attempting to upgrade from Version 1.21.0 to Version 1.22.1 when I try to start the service with v1.22.1 I get:
Process: 24471 ExecStart=/opt/bitwarden/bitwarden_rs (code=exited, status=101)
If I run the executable on the command line it displays the following error:

{
[panic][ERROR] thread 'main' panicked at 'Error decoding public RSA Key.
InvalidKeyFormat': src/auth.rs:40
   0: vaultwarden::init_logging::{{closure}}
   1: std::panicking::rust_panic_with_hook
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:626:17
   2: std::panicking::begin_panic_handler::{{closure}}
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:519:13
   3: std::sys_common::backtrace::__rust_end_short_backtrace
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/sys_common/backtrace.rs:141:18
   4: rust_begin_unwind
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:515:5
   5: std::panicking::begin_panic_fmt
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:457:5
   6: vaultwarden::auth::PUBLIC_RSA_KEY::{{closure}}::{{closure}}
   7: core::ops::function::FnOnce::call_once
   8: once_cell::imp::OnceCell<T>::initialize::{{closure}}
   9: once_cell::imp::initialize_inner
  10: once_cell::imp::OnceCell<T>::initialize
  11: vaultwarden::main
  12: std::sys_common::backtrace::__rust_begin_short_backtrace
  13: std::rt::lang_start::{{closure}}
  14: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/core/src/ops/function.rs:259:13
      std::panicking::try::do_call
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:401:40
      std::panicking::try
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:365:19
      std::panic::catch_unwind
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panic.rs:434:14
      std::rt::lang_start_internal::{{closure}}
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/rt.rs:45:48
      std::panicking::try::do_call
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:401:40
      std::panicking::try
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:365:19
      std::panic::catch_unwind
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panic.rs:434:14
      std::rt::lang_start_internal
             at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/rt.rs:45:20
  15: main
  16: __libc_start_main
  17: _start

# 101 //This is the exit code
}

The rsa_key.pem file is UTF-8 format with unix style line feeds. The rsa_key.pub.pem is blank.
I believe it would be a security risk to share my rsa_key files.

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.21.0 // Only running this to get to the admin page
• Web-vault version: v2.20.4b
• Running within Docker: false
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: false
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.33.0
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

{
  "_duo_akey": "***",
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://**.************.**:****",
  "domain_origin": "*****://**.************.**:****",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/var/log/bitwarden/bitwarden.log",
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": true,
  "signups_domains_whitelist": "************.**,*********.**,***********.******,*****.***,*********.***,*****.***,******.***",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "*********@************.**",
  "smtp_from_name": "Bitwarden Server",
  "smtp_host": "****.*******.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*****@************.**",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "127.0.0.1",
  "websocket_enabled": true,
  "websocket_port": 9455,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

• vaultwarden version: 1.22.1

• Install method: Built from source (following this guide)

• Clients used: N/A

• Reverse proxy and version: NGINX, but N/A in this case.

• MySQL/MariaDB or PostgreSQL version: SQLite

• Other relevant details: Likely related to this commit: 46e0f3c43a

Steps to reproduce

Update an existing built from source install of vaultwarden v1.22.0 or earlier by replacing the previous executable file with the new one of v1.22.1.

Expected behaviour

No crash

Actual behaviour

a panic and crash when trying to read RSA keys

Troubleshooting data

👆 See description above.

Originally created by @KnightTim on GitHub (Jul 11, 2021). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> After attempting to upgrade from Version 1.21.0 to Version 1.22.1 when I try to start the service with v1.22.1 I get: `Process: 24471 ExecStart=/opt/bitwarden/bitwarden_rs (code=exited, status=101)` If I run the executable on the command line it displays the following error: ```sh { [panic][ERROR] thread 'main' panicked at 'Error decoding public RSA Key. InvalidKeyFormat': src/auth.rs:40 0: vaultwarden::init_logging::{{closure}} 1: std::panicking::rust_panic_with_hook at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:626:17 2: std::panicking::begin_panic_handler::{{closure}} at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:519:13 3: std::sys_common::backtrace::__rust_end_short_backtrace at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/sys_common/backtrace.rs:141:18 4: rust_begin_unwind at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:515:5 5: std::panicking::begin_panic_fmt at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:457:5 6: vaultwarden::auth::PUBLIC_RSA_KEY::{{closure}}::{{closure}} 7: core::ops::function::FnOnce::call_once 8: once_cell::imp::OnceCell<T>::initialize::{{closure}} 9: once_cell::imp::initialize_inner 10: once_cell::imp::OnceCell<T>::initialize 11: vaultwarden::main 12: std::sys_common::backtrace::__rust_begin_short_backtrace 13: std::rt::lang_start::{{closure}} 14: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/core/src/ops/function.rs:259:13 std::panicking::try::do_call at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:401:40 std::panicking::try at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:365:19 std::panic::catch_unwind at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panic.rs:434:14 std::rt::lang_start_internal::{{closure}} at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/rt.rs:45:48 std::panicking::try::do_call at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:401:40 std::panicking::try at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panicking.rs:365:19 std::panic::catch_unwind at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/panic.rs:434:14 std::rt::lang_start_internal at /rustc/5a7834050f3a0ebcd117b4ddf0bc1e8459594309/library/std/src/rt.rs:45:20 15: main 16: __libc_start_main 17: _start # 101 //This is the exit code } ``` The rsa_key.pem file is UTF-8 format with unix style line feeds. The rsa_key.pub.pem is blank. I believe it would be a security risk to share my rsa_key files. ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.21.0 // Only running this to get to the admin page * Web-vault version: v2.20.4b * Running within Docker: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: false * HTTPS Check: true * Database type: SQLite * Database version: 3.33.0 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) ```json { "_duo_akey": "***", "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://**.************.**:****", "domain_origin": "*****://**.************.**:****", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/var/log/bitwarden/bitwarden.log", "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": true, "signups_domains_whitelist": "************.**,*********.**,***********.******,*****.***,*********.***,*****.***,******.***", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "*********@************.**", "smtp_from_name": "Bitwarden Server", "smtp_host": "****.*******.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "*****@************.**", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "127.0.0.1", "websocket_enabled": true, "websocket_port": 9455, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: 1.22.1 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: Built from source (following [this](https://pieterhollander.nl/post/bitwarden/) guide) * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> N/A * Reverse proxy and version: <!-- if applicable --> NGINX, but N/A in this case. * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> SQLite * Other relevant details: Likely related to this commit: https://github.com/dani-garcia/vaultwarden/commit/46e0f3c43a81ce9411612c152e414162a9c220ac ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> Update an existing built from source install of vaultwarden v1.22.0 or earlier by replacing the previous executable file with the new one of v1.22.1. ### Expected behaviour <!-- Tell us what you expected to happen --> No crash ### Actual behaviour <!-- Tell us what actually happened --> a panic and crash when trying to read RSA keys ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data --> 👆 See description above.

OVERLORD closed this issue 2026-02-04 23:50:13 +03:00

OVERLORD commented 2026-02-04 23:50:16 +03:00

Author

Owner

Copy Link

@KnightTim commented on GitHub (Jul 11, 2021):

Nevermind, I figured out the issue.

When I built the latest version of the server the storage on my server was filled and no new files could be written. When I ran the latest version it created rsa_key.pub.pem but was unable to write any data to the file, so it was blank.

I deleted the blank file and reran the latest server version and the following lines were displayed:

[vaultwarden][INFO] Public key created correctly.
Running migration 20210430233251
Running migration 20210511205202

Looks like it's all good now. Sorry to bother you and thanks again for this awesome project.

@KnightTim commented on GitHub (Jul 11, 2021): _Nevermind, I figured out the issue._ When I built the latest version of the server the storage on my server was filled and no new files could be written. When I ran the latest version it created rsa_key.pub.pem but was unable to write any data to the file, so it was blank. I deleted the blank file and reran the latest server version and the following lines were displayed: ```sh [vaultwarden][INFO] Public key created correctly. Running migration 20210430233251 Running migration 20210511205202 ``` Looks like it's all good now. Sorry to bother you and thanks again for this awesome project.

OVERLORD referenced this issue 2026-02-05 05:00:16 +03:00

[PR #1075] [MERGED] Push an extra `latest-arm32v6` tag #2843

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1075