Commit

detect_private_key: add textual version of PKCS #8 encrypted private keys

As described by RFC7468 and RFC5958, keys that are encoded using the "ENCRYPTED
PRIVATE KEY" label are described as private key information and therefore can
contain secrets, even though encrypted.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
Luís Ferreira committed Oct 2, 2021
1 parent cf059f0 commit ccdf02d
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions pre_commit_hooks/detect_private_key.py
Expand Up @@ -11,6 +11,7 @@
b'PuTTY-User-Key-File-2',
b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
b'BEGIN PGP PRIVATE KEY BLOCK',
b'BEGIN ENCRYPTED PRIVATE KEY',
]


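Review bot: The new `b'BEGIN ENCRYPTED PRIVATE KEY'` entry is the only label in the visible list that does not name its format, so a short comment stating that it is the PKCS #8 encrypted label from RFC 7468 and RFC 5958 (as the commit message does) would help readers tell it apart from the `BEGIN SSH2 ENCRYPTED PRIVATE KEY` entry two lines above. Because the hook will now also flag passphrase-protected keys, repositories that commit encrypted keys on purpose (test fixtures, for example) will start failing; that behaviour change deserves a line in the changelog or the hook's documentation.
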
1 change: 1 addition & 0 deletions tests/detect_private_key_test.py
Expand Up @@ -10,6 +10,7 @@
(b'-----BEGIN OPENSSH PRIVATE KEY-----', 1),
(b'PuTTY-User-Key-File-2: ssh-rsa', 1),
(b'---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----', 1),
(b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1),
(b'ssh-rsa DATA', 0),
(b'ssh-dsa DATA', 0),
# Some arbitrary binary data
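
Review bot: The added case `(b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1)` exercises only the header line on its own. Consider a second case in which the header is followed by a body line and the matching `-----END ENCRYPTED PRIVATE KEY-----` footer, so the test covers a complete RFC 7468 textual encoding as it would appear in a committed file and not just the bare label.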

0 comments on commit ccdf02d