From 4432fa780d12a25b87d744f394c5112f9677bcf7 Mon Sep 17 00:00:00 2001 From: Alex Wilson Date: Tue, 22 Sep 2015 11:56:51 -0700 Subject: [PATCH] Parse RFC1421 headers in PEM format, error on encrypted private key --- lib/formats/pem.js | 20 +++++++++++++++++++- test/pem.js | 22 +++++++++++++++++++++- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/lib/formats/pem.js b/lib/formats/pem.js index 785a8a6..1217b16 100644 --- a/lib/formats/pem.js +++ b/lib/formats/pem.js @@ -41,8 +41,26 @@ function read(buf) { alg = m[1].trim(); } + var headers = {}; + while (true) { + lines = lines.slice(1); + m = lines[0].match(/*JSSTYLED*/ + /^([A-Za-z0-9-]+): (.+)$/); + if (!m) + break; + headers[m[1].toLowerCase()] = m[2]; + } + if (headers['proc-type']) { + var parts = headers['proc-type'].split(','); + if (parts[0] === '4' && parts[1] === 'ENCRYPTED') { + throw (new Error('PEM key is encrypted ' + + '(password-protected). Please use the ' + + 'SSH agent or decrypt the key.')); + } + } + /* Chop off the first and last lines */ - lines = lines.slice(1, -2).join(''); + lines = lines.slice(0, -2).join(''); buf = new Buffer(lines, 'base64'); var der = new asn1.BerReader(buf); diff --git a/test/pem.js b/test/pem.js index 2153b35..2caad62 100644 --- a/test/pem.js +++ b/test/pem.js @@ -114,6 +114,21 @@ var DSA_1024_PEM = '-----BEGIN PUBLIC KEY-----\n' + 'W8SOb2668IL7Vg==\n' + '-----END PUBLIC KEY-----\n'; +var ENC_PRIVATE = '-----BEGIN RSA PRIVATE KEY-----\n' + + 'Proc-Type: 4,ENCRYPTED\n' + + 'DEK-Info: AES-128-CBC,B3095F1FAF29BE6554540D24F17D14DB\n\n' + + '1OJdgfzsXazrhPZ7pO9Q27Pr97+OsU8FUxiCrDrEP71piJMJrmifue9KfOoAmC1L\n' + + 'FhaKXGSmRnP1/odgG7KBJ8ybIkZ5gVMz/dU4hR0SyA3zLMx+sV68oqYYw4s0EjrA\n' + + 'KYzQmMc78ouC6yQA4r+psgJ2sgK5VwwB48c0J5lO60HUeyEsno6iGY7VW/Kmt76O\n' + + 'Kl8/LwA9qE2U/1u6pRsoaD34CD2E+m/IwCUIyLeri04tiMfyE0RKTL9EacvxExCu\n' + + 'ucwBlvtGIcQcChw1JJqGxTXBeCrz8Kb3uWNrZ+MME3OEh4qWFPgT6XqeE/gociym\n' + + 'rhyKffZKsnJts0TqxqSuxtpLM5+WaYAGbkEHzuC/chOsynFRKxZomV65ddufmO3N\n' + + 'Kb8B3H+2+Fo9x5iucEBhj4MBLHlZ7ZkQ8yEP+E0d0PuPRIFZ3aRcKPuaoZIc/AiQ\n' + + '8w1GGAU1TZWWHs1L4pF7OWyWwuq3NkzWLzL7MkNx++zmxXpIPMKDnFTLuBu24nCk\n' + + 'gBx85sgirfSJBwx1mpQzsD1PSE7krAzlA4DRfgPChAWJnlUn89aPJ52uokHneJIK\n' + + 'z8/ApT6HCd3EnH9VHEtXp116ZVk4PhRiiOMY/ek2uhFK57wgMxOrRM3OgODrd+5A\n' + + '-----END RSA PRIVATE KEY-----\n'; + ///--- Tests test('1024b pem to rsa ssh key', function(t) { @@ -168,4 +183,9 @@ test('1024b dsa ssh key', function(t) { t.end(); }); - +test('encrypted private key', function(t) { + t.throws(function () { + var k = sshpk.parseKey(ENC_PRIVATE, 'pem'); + }); + t.end(); +});