Skip to content

Parse PEM keys with empty passphrase #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
btoews merged 1 commit into from
Jun 10, 2019
Merged

Parse PEM keys with empty passphrase #10

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions lib/ssh_data/private_key.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ def self.parse(key)
when OPENSSH_PEM_TYPE
parse_openssh(key)
when RSA_PEM_TYPE
[RSA.from_openssl(OpenSSL::PKey::RSA.new(key))]
[RSA.from_openssl(OpenSSL::PKey::RSA.new(key, ""))]
when DSA_PEM_TYPE
[DSA.from_openssl(OpenSSL::PKey::DSA.new(key))]
[DSA.from_openssl(OpenSSL::PKey::DSA.new(key, ""))]
when ECDSA_PEM_TYPE
[ECDSA.from_openssl(OpenSSL::PKey::EC.new(key))]
[ECDSA.from_openssl(OpenSSL::PKey::EC.new(key, ""))]
when ENCRYPTED_PEM_TYPE
raise DecryptError, "cannot decode encrypted private keys"
else
Expand Down
15 changes: 15 additions & 0 deletions spec/fixtures/dsa.encrypted.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,CF19675A47CDE014EA0C81A59C6B6269

k1xSi/SoTdSQkoTeEvNsTR211f2rwsn4fso5dGmVkIKVXJ6onPOeHBz+Z5P3Uj/a
WHw6su+RZ4fjnOlKthhfTcuKawu+oq0RFKTkVzV+b43dEmNy8u5hn/VXVsg9Tubo
PxI08zyhg3FkY4P0YjkQJCBZZbRzd9k/eciPhHU04d6EX0m2eDXjUP7U4EO86bK4
o3nIeY6xnclci6+b4bo+pR1+z+9aChIB5wErsmlZtf2Lvpy3gpHrLXgaPl/Rpl2I
IzosnT4QO0NOUtIgvnl8E0/L7NGiJ1cp9Drdt6Vx8mjbA2f3A8Uv0YbbF9PZiurv
MuYuDi2D6LRrc1wWUSEQo51ExZZpHpzB7rgB99P2chl7R6Xwz8uAByeFA5nKtwzc
Z/081h7v9UfLiAoCGc8oT26xuAvNSrTsRil/gegyR4tiwN5upYNNlWOu0SxszszG
k32GIFZMxKnFBIzCOHHlMw7ZV8dm6bciJREn9IlLNlthoaQSylIHO6kIlhEFcUA8
7csp0Q5y411C50dSSNx54l45KsXuUTZ9gMKHkVGPdpRLXyidOVna3puSvq6f+W30
SdlnbFjV+r3EjzB5rzuDT8gTmPmwI5kgClaL1MuJWgg=
-----END DSA PRIVATE KEY-----
12 changes: 0 additions & 12 deletions spec/fixtures/dsa.pem
View file
Open in desktop

This file was deleted.

12 changes: 12 additions & 0 deletions spec/fixtures/dsa.plaintext.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQDxVX7EnH7JSoqL20g3eMhfZN0IeaIMHZdF2L8QFxwAUEr6oh2M
3YTDS6iuhbT7W8TQgeUDD/2PPaHDeFVhyOKwHzlfdHwSl8eEcWRSYv6udVZoBfwW
YApgWQloKw24noMpeFrBYITG9XtJ4zV6To9zXoNio/SXbHommjlirvnLKwIVAMw9
7lVT+UR/yB6cHj7JFSrOaubjAoGBAOAt8s32b6NQBVHK3CIG5s1H/OEEQNNCzm37
LdwINrWqAnS3s3jGR43JrXqRmRbhe2jbXr404xXHpKAJc0LsgYyw01JS0hJ/AFQo
dDKkSTF2QWBV05h1em7+AGv8qz/bywO2HlAHtvDiBlq9gk2MYnqbTBbWHnCvEXtt
mY1LA3ArAoGBAI5XYEdozb9XH0eFiMv1yPyrbPbM37Sp++OPLmvCzadJzbGGDvA7
ymxopqJajV6lET+ZBavIKnKlWuJWYhDsoGfm59Jy3o5zKatjTDN3JJak2aGxYp+j
Lvn6S95wOVDdPv5Df3AtBeNqRefnpxs2NjVewRGX82yO5qS0lM8htZTBAhQPwe3T
xwl1zb83tbIYbtgcuwaw5g==
-----END DSA PRIVATE KEY-----
8 changes: 8 additions & 0 deletions spec/fixtures/ecdsa.encrypted.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,2866C4AEE9C2595C6082806F9D1622B5

vvetCE7TqlG74iCO3kR3f1MY9+pVMkkcsDToPxer7iDI+lnqgOjKUebuTDdjB6Vi
6Hq0n6EeoaQdDfhcGvFamNPf/FGk9ptXIEztvC0T59xrxqgi4mkJgTMhAnyFRFn+
jVywGSwcge/9xTjbJxcJfr4oqZty7JIZpEFyiBc+9Ww=
-----END EC PRIVATE KEY-----
5 changes: 0 additions & 5 deletions spec/fixtures/ecdsa.pem
View file
Open in desktop

This file was deleted.

5 changes: 5 additions & 0 deletions spec/fixtures/ecdsa.plaintext.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIA6w+3yQjVlJToULhwwuKfQkW5sphlGunAdxHYXYKcMSoAoGCCqGSM49
AwEHoUQDQgAEVxneWIp1oQCiPlcQ/B/FBls1C167N2zGh8WzCeM8MrjDl4ir2SBx
in2h+UX0zphNediQqI6NBt8hSBShPjOb2w==
-----END EC PRIVATE KEY-----
9 changes: 6 additions & 3 deletions spec/fixtures/gen.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,12 @@ ssh-keygen -ted25519 -N "" -f ./ed25519_leaf_for_rsa_ca
ssh-keygen -s rsa_ca -z 123 -n p1,p2 -O clear -I my-ident -O critical:foo=bar -O extension:baz=qwer -O permit-X11-forwarding ed25519_leaf_for_rsa_ca.pub

# pem encoded keys
openssl genrsa -out rsa.pem 2048
openssl dsaparam -noout -out dsa.pem -genkey 1024
openssl ecparam -noout -out ecdsa.pem -name prime256v1 -genkey
openssl genrsa -out rsa.plaintext.pem 2048
openssl rsa -aes-128-cbc -passout pass:mypass -in rsa.plaintext.pem -out rsa.encrypted.pem
openssl dsaparam -noout -out dsa.plaintext.pem -genkey 1024
openssl dsa -aes-128-cbc -passout pass:mypass -in dsa.plaintext.pem -out dsa.encrypted.pem
openssl ecparam -noout -out ecdsa.plaintext.pem -name prime256v1 -genkey
openssl ec -aes-128-cbc -passout pass:mypass -in ecdsa.plaintext.pem -out ecdsa.encrypted.pem
chmod 400 *.pem

# Create a certificate with a bad signature. We use ed25519 because the
Expand Down
30 changes: 30 additions & 0 deletions spec/fixtures/rsa.encrypted.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,B4D888F772E67B66E03C79A4744D73E2

VBXhsN26cPD3411FTHS8FCPv5efiq64w3ewaFO0g+iuor/AAXf9gCpe2g6njgIh9
HnFkZ6zUd5pNCG4JBz//82SMT7gDzpZCETQw+cPP4jwd2JZFlj48KAqFmKxyUuLu
O8X33qL5y+VP/OQYNyntsUphk2zMAZs4guU/jDoaNz8iHWLW03OxUBEnC3Dw1tJ8
Utg+9Bmb2nO3dBaSMPoyAFY7ad3UHTpcbWbw+Jvhiqm5BFvDAwwKehsOAPpMqLeN
Kdah9rfGchhKk6zAZwAyhRTZ3UcocZ778bd5nvs68kO32A6a3fRyZGVbFhA2KEcQ
12kX/6u4hw1ROlvicTPsrniWSQLWewcbedpmvZGlXSbsb1dGtnBgdg9yIfWc/w+6
DrJuq4+CWz1pfnMKM5VmbZyoNlgPawE0NwiGhA0gC+qnepWSaMV3OIDYzsLugz1H
qjRThUdy+jeXDiGBTA3WLvR+x9dBaF15uis4DK9Q708VzyJH/QiPw1CSCycBu/Fa
rFGcl3iJwTE7YWOzRCwoNUocBMzTY3LgGhk8NlaCWPRxhVhzQNXR71ddUdQSR9/J
0nX7te9Sp8xjtVNT6ULqAr1Tq0Vwnq1Sx8xiFjVTeoTs/qdHMPLAjCrfBr6BAKhx
zLOC3q0UTAguWfhoo/Ekv9eTegkSwuzUFJ9T3jFT6pdznfEKuvRe4rplcJQ6FEJO
VT5wrhBszlA2vxN20Gnw4osbccHKYtibU2wkC+OOoMU2gQ2FNXxQ76lYs8T81yCU
KoLUYtG1RqFajSnoen7OsmN0RU7rD5Hd7c5yznx/Npv0R4/yUhv7wfGIZ8auWknS
GTPT9OX85k8KZnLvubVnVmfRi4IlcTg7DywpvR3cPBw+iMXHEhzn1RWg58Hmw92c
21MBMtg1X+SKgwGWvwWnA3BcvDdjNK7DguJCDlqIQVdT64AXjrAx6MxtsNaJ+OVw
hejaSQuOZaWIx1hW3MWeDWYYQaDeTcmZhKMtLImX7NiX/6WD/KjlugyH7eq9bl8R
kzSyZDlvx0emkBb0crxoY3qq+f7oWMx7G+Frzwg4izk5VZjGLVPCKqvXtQ425HCT
BE5JtCBK6nLiAQO3APSaRgZsAjzY65Yz9ZaITL3djA5C9npeS/zVhPr5TTcsCQpC
ZQKDj89cO3Wpg4DVVpN4SyyLuRVHPzs/XfJy24YdaSCLBJF3UTGiD5MK5+vraJaD
of7dj05VC5mN5e9tNW3O/D3ZdSSzEuYn0GECxDvO0HaSutL93RelwTDfYIhmgqTp
uxe+9ur9MPl6dlE7bLvw509rnzsJEdpaaQQyJfL5kKWDHkjLVBuJ7HhJASucKWl5
CvT3BH1tjuddoW5tXXx50VHS9ystC/0FRqaIr99eoxTtHSRVmEaCEPGBDdA2fgE/
VoRPsVd2SECqmD1cGW2KvxCq+g6sOgyrH3CJkv4NAh/r1d9xuFAQVuGe1UXTbyYi
54ouZlnSVygknL9jksPEZgOzqVKZlMcwPJJfAVIAJZWewpjMkDVmV2OJtx63idAB
J/c9ws6jaibgoC3A98GHcknNik+tvF+x2uEjYvqW1fDmmrZsm62hUX3ZO3C19dbw
-----END RSA PRIVATE KEY-----
27 changes: 0 additions & 27 deletions spec/fixtures/rsa.pem
View file
Open in desktop

This file was deleted.

27 changes: 27 additions & 0 deletions spec/fixtures/rsa.plaintext.pem
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAp3ajAPP2/RJJMaJpDvNjd5L1/Le809y2rrLfGyfj5+OlzXKL
TFY/mKRaGu+cJH77THwqzcjjPowr2fJ1g2zH/Jp5YFRdlZqVx3IM+bNKVzv65lK2
PiQ15LS0UZAwa89jJGUG8a4JbmmB/r/3Tfr6UZ1vlxRJhRUfXcqhTOamgAOigaLM
x9fSxWhXMF4I4mdQ2qr67vg+CWC0lZB+3Sc2X2PZKNpNdqsA0sE+ftRmBGVOfI8f
8JGDi0aCrn7te9mK3Mf3FFLfpv2hVLXVFUbvU87U6DqNNVgyGN6V4bpNQSJaWQ+d
vZiFdVLfpM6W5clHGpNPh4OCRXpBOAtfF6PZgwIDAQABAoIBAQCZS2h7ftghYZPO
87ToErSCyOyUoj0gU3KHCQZifWmK5EDqiGgrQOiGeixha+WrIvI3WZJ1PeeHYhji
MaiQ3gtTmLRzEcd5I0DoieaGzTDIGgfavuxEhjEvYpuN7kfk6LsAndp1cbMAd2Sg
Jmnj4FM0UsHLsq56PJOx78Mn+huAIleELnkpa0WHSxoRL9khdVjrqiOmfo2Frpno
k/vu7k1yAgFELDefalWD/KylOoFVMMjSM7WLcFsct8TA4rvS1LHqsGrkg/ifjrGp
FS9b2WAZvLtZSxprCNIPN51rWaiLaikPT9bXhjTMElSV1bWP7jpbR/GZUvmNY6es
kM//9rwBAoGBAN8taKBQU6n/XX0Gu+VCN1/UJ+QvU+qYsv+cce59DoybMMTbncAh
0qMIZVSP/AG6/RvsLNBrGZInKGH6I5NIAi4rrGsDMwiMpzJ+025NS9gtja/MDniR
bFf8Ns0XgCxXt1X7yPcQ9BVuwUkg00RXqyLHPxeJyKLbeP/u2ExKGENBAoGBAMAX
m2Am7pJRJs4pdFmxzxUJXdjsFHxjNes4wusrcjjnvUolGeLMFJlEDR7w5a1yDmOk
O6IsPbW7BTwmCcbfsGy0gu1N/0AyyIQ9qyFf222BR5NIC8U1m6PvWOfx9637Zawl
UfVmKQK9leuwWedwxvGoj7v/NmfLGt73x1CW09/DAoGBAK9QonHc5/wQyEXgtlVf
8NPsevG7Y/ZTwbkeEjnAL1+wwVzDEGbPqwG7JK6K9PH/C7mVi5alq06uSAC/WJbn
6B6Q3D6sIrjClM0L59csDTpifnzslSmNQ0jSrdHqdhtfRHvc8H905+i2OkvR52Q2
Yg9N6Xf6GowkUCbsXyl+wxSBAoGAd2G0hMttVa3tqg8FaoEhK/fIRXpjOPMHnYqH
SVSVBlyvvZbVQaiH3MD4TpR0iZjq7G4zSZSpPXpfxIP3a4u1v7ln7UeeLS3ihJ02
7+T9IE9KRnRuLEAm3HlyDaTJw20MQTJof1Tgg/2DYRkWpsnmOmYB/lqcW2FU7+Ga
E7HJN7UCgYACx0+RjAnI40JzaZzl/m+eh9f06ChpphWoNqrohXjbm0/9tuxjxY8n
b7JmjnvZgMrKTJQIxkSZyF9pU/aCGXOZt+2VI8zuaFEUe686tK+piu337GBjZnIT
3LjbYETRsWE3FqJG1+KwpzVeZ2QSp9J+SMcNTREFPRzTnXzogwF37w==
-----END RSA PRIVATE KEY-----
14 changes: 13 additions & 1 deletion spec/private_key_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
require_relative "./spec_helper"

describe SSHData::PrivateKey do
(Dir["spec/fixtures/*for_rsa_ca"] + Dir["spec/fixtures/*.pem"]).each do |path|
(Dir["spec/fixtures/*for_rsa_ca"] + Dir["spec/fixtures/*.plaintext.pem"]).each do |path|
name = File.basename(path)

describe name do
Expand Down Expand Up @@ -29,6 +29,18 @@
end
end

Dir["spec/fixtures/*.encrypted.pem"].each do |path|
name = File.basename(path)

describe name do
it "raises DecodeError parsing #{name}" do
expect {
described_class.parse(fixture(name))
}.to raise_error(SSHData::DecryptError)
end
end
end

it "raises on unknown PEM types" do
expect {
described_class.parse(<<-PEM.gsub(/^ /, ""))
Expand Down