Bug #11774

closed produces ArgumentError on invalid passphrases

Added by temikus (Artem Yakimenko) over 8 years ago. Updated over 6 years ago.

Third Party's Issue
Target version:
ruby -v:
ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin15]


If we try to read out an RSA encrypted key with an invalid passphrase like so:

require 'openssl'"#{ENV['HOME']}/.ssh/id_rsa"), 'invalid')

We get an argument error:

ArgumentError: Could not parse PKey: no start line
from (pry):6:in `read'

However, if I understand the situation correctly, it should produce a decode error: OpenSSL::PKey::RSAError, as per the doc:

Generic exception that is raised if an operation on an RSA PKey fails unexpectedly or in case an instantiation of an instance of RSA fails due to non-conformant input data.


  1. Create a password protected ssh key (if none exists):

    ssh-keygen -t rsa -b 4096
  2. Run the following snippet (assuming ~/.ssh/id_rsa is the key location)

    require 'openssl'"#{ENV['HOME']}/.ssh/id_rsa"), 'invalid_passphrase')

Tested on:
MacOSX 10.11.1
OpenSSL 1.0.2d 9 Jul 2015
Ruby 2.1.7
Ruby 2.2.3

Updated by nobu (Nobuyoshi Nakada) over 8 years ago

  • Description updated (diff)

Seems that OpenSSL doesn't tell what kind failure happened.

Updated by ko1 (Koichi Sasada) over 8 years ago

  • Assignee set to 7150

Updated by rhenium (Kazuki Yamaguchi) about 8 years ago

  • Status changed from Open to Feedback

OpenSSL does not give the information what type of key is contained in the PEM when an error occurs. So it's impossible to raise PKey::RSAError here.

But for consistency with PKey::{DH,DSA,RSA,EC}.new, it may be better to raise PKey::PKeyError (is the super class of PKey::RSAError) rather than ArgumentError.

Actions #4

Updated by rhenium (Kazuki Yamaguchi) over 6 years ago

  • Status changed from Feedback to Third Party's Issue

Also available in: Atom PDF