From 53e23feff41226826b45293bc4a9fc45f2e44afe Mon Sep 17 00:00:00 2001 From: Nahuel Greco Date: Thu, 31 May 2018 14:23:13 -0300 Subject: [PATCH] joyent/node-sshpk#50 Support PKCS#5 AES-256-CBC encrypted private keys Reviewed by: Alex Wilson --- lib/utils.js | 3 ++- test/assets/p50key.pem | 30 ++++++++++++++++++++++++++++++ test/private-key.js | 16 ++++++++++++++++ 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 test/assets/p50key.pem diff --git a/lib/utils.js b/lib/utils.js index 4dcaf9c..14fee68 100644 --- a/lib/utils.js +++ b/lib/utils.js @@ -87,7 +87,8 @@ function assertCompatible(obj, klass, needVer, name) { var CIPHER_LEN = { 'des-ede3-cbc': { key: 7, iv: 8 }, - 'aes-128-cbc': { key: 16, iv: 16 } + 'aes-128-cbc': { key: 16, iv: 16 }, + 'aes-256-cbc': { key: 32, iv: 16 } }; var PKCS5_SALT_LEN = 8; diff --git a/test/assets/p50key.pem b/test/assets/p50key.pem new file mode 100644 index 0000000..b98e7a7 --- /dev/null +++ b/test/assets/p50key.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,C874518D21E3C9C4F0CA44C8060D631B + +6kCcRk72I+6eYBpvDpMu/hxJKVI9xpsJikmfyc//0HLBP6e95cuk3EHWUG5/2cLb +RSniNWjeIBmxMUlJP7vCdmdnJQ+so/9JzmztwHIEk/kMW1jgNnWH53pUhuNTllFy +M7/c2IOD5gWSrl/MijNNhYaglh2Zn5djJvuoJmmT3lXsIFc1FQw0luDBxYE7l5Rf +PuZxuRgpHwbuAAJ2UW2NDlYxtpOI3ilh90GHl+G/DEks3N/tWvWQKWbkGy10I2Nm +TbBlGf78KU5Br3fIdau5YdKUFT7vFfhuX/txB1eqV7wbMBjeDKEJNylfwANGQyMk +iUZo54FdNCfZC9IYHOxJ2ntNYlV0qnD+JwffE3fmDL+QXAdr5kHY5D/C5vgLelpS +1JNQPNnRll04Sj0b3ozfmPShLhTfyRUXqyngiqLl1rp0/52B4WCZuZUz17JErwas +AN8e0jmNn4nGP/MZAb4sZ2ENirkguoi+yqqeGVRVylAAHzp7yPNLDp53l4vYoQ0R +H99SJ+0I8PZCeODSfQm+c76mQBfUEUXYnD2LUzNZ+qZrtlUS/i0i/3wvJ+Ek4GGL +lm+81KEkbmAzAe+BhXpCa+PUhuo30yhqqneq1fqhi6Hit247nIOAXjEowTYKLwxD +VGHowhBZqyB+YzCApO0KFsbDeTij/VaLdm29JpAWuN6k8l1IUr3kfJerF5oItVv+ +VLNiC0P15yIbY5QaQHM5RkOh0kJcAnvuTRqz0Lq6rVQVE3qvwig86B1TCYO15dB9 +9HyRDFoR2CZ2Dy6nUCQl1nnYa7sD3GxSusoMLN1DxV+afeyW7RBQP3veWxb+nNNu +M6ImxzOOEZuLQ0nG+gny25KoIfH1BuQwTd82SPl7Uez8LrTY41P/SdLxa/UFodM9 +BYWGdbdIgpfcTgdSoGIUvSA86RvnN7umM5DkNH8WMfm7Tfx/GCDEYANBH2yH79cn +s4fCrRsE8QN4cm7LnKrhKZSEaLN5YVjoV4aiDZv3UHYdEwr1GrK2H+FxvEPCFIbh +GEhP34wb9co8kQrUl0LKT+cRt5nTSF+pEDpOaE/h1B58hPNFqZJSeaUaHLUJQ84X +OTJnUS+fU5B/dA/smPKPyqcq7wLjkB/FmIjYm/ezXZ9Qg2IFhBMSxAHuGdxeg8C8 +vypd9E1w36pm0y5E6ilogf1+UI7SsLo2HiUz8jc25SgoMv4W45dv+jwNOAAk26Z/ +vMD0diOAVSTpqtmYVEx/CsEoEXtLg36sUVR+NUFwdhTiVYRuaqhwvcHW4Z14DzLm +tASkhcdd+9bjGUX3oJFsyitqSnMAzajthcEFsUuGaeI/DL+2NRZYrQNOVnmzKPJS +0cnOJnPTI1a93FbWnTjMWLR+iNZHtafUGuf2IYHlFAiR0ekVUQHcUGC4oyKZUaPI +CU9rFRGeql4XYp8UC0pBCTF5a+0Dixs7HUCc4abmlgsxfcQrIa5IFCbzmBQBs6x4 +9XZ9T6qedqFX5Cuy/k/9b8QKQKlzXEPFpmfXvTy0a0OS16ypCia0PuWiLgjCLkzA +lqmgx4ohcj1asGUCItGeGBXbmEaBVLMgz7QDWzuIGdnq+IfVYCn37UyxdCyVkHBr +-----END RSA PRIVATE KEY----- diff --git a/test/private-key.js b/test/private-key.js index 9e4cd9b..0ed132f 100644 --- a/test/private-key.js +++ b/test/private-key.js @@ -241,6 +241,22 @@ test('parse and produce encrypted ssh-private ecdsa', function (t) { t.end(); }); +test('pem pkcs#5 encrypted with aes-256-cbc', function (t) { + var keyPem = fs.readFileSync(path.join(testDir, 'p50key.pem')); + t.throws(function () { + sshpk.parsePrivateKey(keyPem, 'pem'); + }); + t.throws(function () { + sshpk.parsePrivateKey(keyPem, 'pem', + { passphrase: 'incorrect' }); + }); + var key = sshpk.parsePrivateKey(keyPem, 'pem', + { passphrase: 'pass' }); + t.strictEqual(key.type, 'rsa'); + t.strictEqual(key.size, 2048); + t.end(); +}); + var KEY_RSA, KEY_DSA, KEY_ECDSA, KEY_ECDSA2, KEY_ED25519; test('setup keys', function (t) {