Bug #11774
closed
OpenSSL::PKey.read produces ArgumentError on invalid passphrases
Description
If we try to read out an RSA encrypted key with an invalid passphrase like so:
require 'openssl'
OpenSSL::PKey.read(File.read("#{ENV['HOME']}/.ssh/id_rsa"), 'invalid')
We get an argument error:
ArgumentError: Could not parse PKey: no start line
from (pry):6:in `read'
However, if I understand the situation correctly, it should produce a decode error: OpenSSL::PKey::RSAError, as per the doc:
OpenSSL::PKey::RSAError
Generic exception that is raised if an operation on an RSA PKey fails unexpectedly or in case an instantiation of an instance of RSA fails due to non-conformant input data.
Reproduction:
- Create a password protected ssh key (if none exists):
ssh-keygen -t rsa -b 4096
- Run the following snippet (assuming ~/.ssh/id_rsa is the key location):
require 'openssl'
OpenSSL::PKey.read(File.read("#{ENV['HOME']}/.ssh/id_rsa"), 'invalid_passphrase')
Tested on:
MacOSX 10.11.1
OpenSSL 1.0.2d 9 Jul 2015
Ruby 2.1.7
Ruby 2.2.3
Updated by nobu (Nobuyoshi Nakada) almost 9 years ago
- Description updated (diff)
Seems that OpenSSL doesn't tell what kind of failure happened.
Updated by ko1 (Koichi Sasada) almost 9 years ago
- Assignee set to 7150
Updated by rhenium (Kazuki Yamaguchi) over 8 years ago
- Status changed from Open to Feedback
OpenSSL does not give information about what type of key is contained in the PEM when an error occurs. So it's impossible to raise PKey::RSAError here.
But for consistency with PKey::{DH,DSA,RSA,EC}.new, it may be better to raise PKey::PKeyError (the superclass of PKey::RSAError) rather than ArgumentError.
Updated by rhenium (Kazuki Yamaguchi) about 7 years ago
- Status changed from Feedback to Third Party's Issue
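An added example, not code from this ticket or from the Ruby project: a key-loading wrapper that treats both the reported ArgumentError and the PKey::PKeyError suggested above as one failure, since OpenSSL does not say whether the passphrase or the data was at fault. `KeyLoadError`, `load_private_key`, `key_loadable?` and the in-memory sample key are hypothetical names and constructed data.

```ruby
require 'openssl'

# Hypothetical application-level error; not part of the openssl library.
class KeyLoadError < StandardError; end

# Constructed sample input: a throwaway RSA key, PEM-encrypted in memory,
# so the example does not touch ~/.ssh/id_rsa.
SAMPLE_PASSPHRASE = 'correct horse battery'
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048)
SAMPLE_PEM = SAMPLE_KEY.to_pem(OpenSSL::Cipher.new('aes-256-cbc'), SAMPLE_PASSPHRASE)

# Load a private key, mapping every parse or decrypt failure to one error.
# The caller cannot tell a wrong passphrase from malformed PEM, so the
# wrapper does not pretend to either.
def load_private_key(pem, passphrase)
  # Assumption: callers must supply a passphrase String. With nil, OpenSSL
  # may fall back to prompting on the terminal, which would block a service.
  raise KeyLoadError, 'passphrase must be a String' unless passphrase.is_a?(String)

  OpenSSL::PKey.read(pem, passphrase)
rescue ArgumentError, OpenSSL::PKey::PKeyError => e
  # ArgumentError is the behaviour reported in this ticket; PKeyError is the
  # class proposed in the discussion. Rescuing both covers either behaviour.
  raise KeyLoadError, "wrong passphrase or malformed key data (#{e.class})"
end

# Convenience predicate for callers that only need a yes/no answer.
def key_loadable?(pem, passphrase)
  load_private_key(pem, passphrase)
  true
rescue KeyLoadError
  false
end

if __FILE__ == $PROGRAM_NAME
  puts "correct passphrase: #{key_loadable?(SAMPLE_PEM, SAMPLE_PASSPHRASE)}"
  puts "wrong passphrase:   #{key_loadable?(SAMPLE_PEM, 'invalid_passphrase')}"
  puts "not a PEM at all:   #{key_loadable?('not a pem', 'invalid_passphrase')}"
end
```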