mirror of https://github.com/ssh-vault/ssh-vault.git synced 2025-07-29 18:01:12 +03:00

Support encrypted openssh private keys (#50)

Currently ssh-vault does not appear to support encrypted openssh private
keys, i.e. those whose type is "OPENSSH PRIVATE KEY". While trying to
view a file encrypted against such a key, the user gets the following error:

    could not parse private key: ssh: this private key is passphrase protected

This commit fixes the problem by trying to decrypt the key without
password first and then handling missing password error appropriately.
Modestas Vainius
2021-07-12 00:08:01 +03:00
committed by GitHub
parent 26fb49ce75
commit 4a7c1d3e74

11
view.go

@ -4,7 +4,6 @@ import (
"bufio"
"bytes"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
@ -77,7 +76,8 @@ func (v *vault) View() ([]byte, error) {
var privateKey interface{}
if x509.IsEncryptedPEMBlock(block) {
privateKey, err = ssh.ParseRawPrivateKey(keyFile)
if err, ok := err.(*ssh.PassphraseMissingError); ok {
keyPassword, err := v.GetPassword()
if err != nil {
return nil, fmt.Errorf("unable to get private key password, Decryption failed")
@ -87,11 +87,8 @@ func (v *vault) View() ([]byte, error) {
if err != nil {
return nil, fmt.Errorf("could not parse private key: %v", err)
}
} else {
privateKey, err = ssh.ParseRawPrivateKey(keyFile)
if err != nil {
return nil, fmt.Errorf("could not parse private key: %v", err)
}
} else if err != nil {
return nil, fmt.Errorf("could not parse private key: %v", err)
}
ciphertext, err := base64.StdEncoding.DecodeString(payload[0])
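Review bot: In the second hunk, `if err, ok := err.(*ssh.PassphraseMissingError); ok {` re-declares `err` for the whole if/else chain, so the `else if err != nil` branch at the end of the third hunk tests the result of the failed type assertion (a nil `*ssh.PassphraseMissingError`) rather than the error returned by `ssh.ParseRawPrivateKey`. As rendered here (the +/- markers are lost, so this assumes the `else if` line is the new side), that branch can never fire, and a parse failure other than a missing passphrase would fall through with `privateKey` still nil instead of returning "could not parse private key". Discarding the asserted value keeps the outer `err` visible to the else branch: `if _, ok := err.(*ssh.PassphraseMissingError); ok {`. A test that passes View a malformed key file and expects an error would pin this; the body of View starts and continues outside the visible hunks.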