Ruby Issue Tracking System: Issues | https://bugs.ruby-lang.org/ | 2015-12-05T16:54:33Z
Ruby master - Bug #11774 (Third Party's Issue): OpenSSL::PKey.read produces ArgumentError on inva... | https://bugs.ruby-lang.org/issues/11774 | 2015-12-05T16:54:33Z | temikus (Artem Yakimenko) code@temik.me
<p>If we try to read out an RSA encrypted key with an invalid passphrase like so:</p>
<pre><code class="ruby syntaxhl" data-language="ruby"><span class="nb">require</span> <span class="s1">'openssl'</span>
<span class="no">OpenSSL</span><span class="o">::</span><span class="no">PKey</span><span class="p">.</span><span class="nf">read</span><span class="p">(</span><span class="no">File</span><span class="p">.</span><span class="nf">read</span><span class="p">(</span><span class="s2">"</span><span class="si">#{</span><span class="no">ENV</span><span class="p">[</span><span class="s1">'HOME'</span><span class="p">]</span><span class="si">}</span><span class="s2">/.ssh/id_rsa"</span><span class="p">),</span> <span class="s1">'invalid'</span><span class="p">)</span>
</code></pre>
<p>We get an argument error:</p>
<pre><code>ArgumentError: Could not parse PKey: no start line
from (pry):6:in `read'
</code></pre>
<p>However, if I understand the situation correctly, it should produce a decode error: <code>OpenSSL::PKey::RSAError</code>, as per the doc:</p>
<blockquote>
<p>OpenSSL::PKey::RSAError<br>
Generic exception that is raised if an operation on an RSA PKey fails unexpectedly or in case an instantiation of an instance of RSA fails due to non-conformant input data.</p>
</blockquote>
<p>Reproduction:</p>
<ol>
<li>
<p>Create a password protected ssh key (if none exists):</p>
<pre><code>ssh-keygen -t rsa -b 4096
</code></pre>
</li>
<li>
<p>Run the following snippet (assuming ~/.ssh/id_rsa is the key location):</p>
<pre><code class="ruby syntaxhl" data-language="ruby"><span class="nb">require</span> <span class="s1">'openssl'</span>
<span class="no">OpenSSL</span><span class="o">::</span><span class="no">PKey</span><span class="p">.</span><span class="nf">read</span><span class="p">(</span><span class="no">File</span><span class="p">.</span><span class="nf">read</span><span class="p">(</span><span class="s2">"</span><span class="si">#{</span><span class="no">ENV</span><span class="p">[</span><span class="s1">'HOME'</span><span class="p">]</span><span class="si">}</span><span class="s2">/.ssh/id_rsa"</span><span class="p">),</span> <span class="s1">'invalid_passphrase'</span><span class="p">)</span>
</code></pre>
</li>
</ol>
<p>Tested on:<br>
MacOSX 10.11.1<br>
OpenSSL 1.0.2d 9 Jul 2015<br>
Ruby 2.1.7<br>
Ruby 2.2.3</p>
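<p>An added example, not part of the original report or of the openssl library: a hypothetical wrapper, <code>load_private_key</code>, that rescues both <code>ArgumentError</code> (the behaviour reported above) and <code>OpenSSL::PKey::PKeyError</code>, then inspects the PEM header to separate a decryption failure from input that is not a key at all. The key and passphrases are constructed inside the script.</p>

```ruby
require 'openssl'

# Constructed sample input: a fresh RSA key exported as passphrase-protected PEM.
def sample_encrypted_pem(passphrase)
  key = OpenSSL::PKey::RSA.new(2048)
  key.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), passphrase)
end

# PEM markers that indicate an encrypted private key (traditional and PKCS#8).
ENCRYPTED_MARKERS = ['Proc-Type: 4,ENCRYPTED', 'BEGIN ENCRYPTED PRIVATE KEY'].freeze

# Hypothetical helper (not an openssl API): returns [status, detail].
#   :ok             -> detail is the loaded key object
#   :decrypt_failed -> PEM is encrypted and could not be read with this passphrase
#   :unparseable    -> input is not an encrypted PEM and could not be parsed
def load_private_key(pem, passphrase)
  [:ok, OpenSSL::PKey.read(pem, passphrase)]
rescue ArgumentError, OpenSSL::PKey::PKeyError => e
  # The message alone ("no start line" in the report) does not identify the
  # cause, so classify by looking at the PEM text rather than the error string.
  encrypted = ENCRYPTED_MARKERS.any? { |marker| pem.include?(marker) }
  [encrypted ? :decrypt_failed : :unparseable, e.class]
end

if __FILE__ == $PROGRAM_NAME
  pem = sample_encrypted_pem('correct horse')
  [
    [pem, 'correct horse'],        # right passphrase
    [pem, 'invalid_passphrase'],   # wrong passphrase, as in the report
    ['not a key', 'invalid']       # input that is not PEM at all
  ].each do |input, pass|
    status, detail = load_private_key(input, pass)
    shown = status == :ok ? detail.class : detail
    puts "#{status} (#{shown})"
  end
end
```

<p>Always pass a string passphrase as shown; the exception class printed for the failure cases depends on the installed Ruby and openssl versions.</p>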