x/crypto/ssh: ParseRawPrivateKeyWithPassphrase doesn't support PKCS#8 encrypted keys #43387

Open
@eurozulu


What version of Go are you using (go version)?

go version go1.15.4 darwin/amd64

Does this issue reproduce with the latest release? Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOOS="darwin"

go env Output
GO111MODULE=""
GOARCH="amd64"
GOBIN=""
GOCACHE="/Users/rob/Library/Caches/go-build"
GOENV="/Users/rob/Library/Application Support/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOINSECURE=""
GOMODCACHE="/Users/rob/development/go/pkg/mod"
GONOPROXY=""
GONOSUMDB=""
GOOS="darwin"
GOPATH="/Users/rob/development/go"
GOPRIVATE=""
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/Cellar/go/1.15.4/libexec"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/Cellar/go/1.15.4/libexec/pkg/tool/darwin_amd64"
GCCGO="gccgo"

What did you do?

When decrypting a private key PEM block using the ssh package, there are two methods:
ParseRawPrivateKeyWithPassphrase
ParseRawPrivateKey

ParseRawPrivateKey accepts PEM blocks with type "PRIVATE KEY" (with no other qualifier) and decrypts using x509.ParsePKCS8PrivateKey; however, ParseRawPrivateKeyWithPassphrase does not. Both accept blocks with "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY" and "OPENSSH PRIVATE KEY", but ParseRawPrivateKeyWithPassphrase seems to be missing the 'case' for "PRIVATE KEY" on its own.
As the methods perform the same task, just with the addition of decrypting, should they not be aligned in the keys they support?

https://play.golang.org/p/D_CtEEAqO7i

What did you expect to see?

ParseRawPrivateKeyWithPassphrase parses a PEM block of type "Private Key" using x509.ParsePKCS8PrivateKey.

What did you see instead?

Error: ssh: unsupported key type "PRIVATE KEY"

Looking at ssh/keys.go line 1172, a switch block for the types appears to be missing the "PRIVATE KEY" case, reflected in the ParseRawPrivateKey switch block.

Suggested fix is a simple insertion of:
case "PRIVATE KEY": return x509.ParsePKCS8PrivateKey(buf)
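
A pre-check a caller can run before choosing between the two parsers, as an added example that is not part of the original issue or of x/crypto: it classifies a private key PEM block by type and reports whether a passphrase is needed, using only the standard library. The helper names are hypothetical and the sample key is generated on the spot; the "ENCRYPTED PRIVATE KEY" label (RFC 7468) and the OpenSSH cipher-name check go beyond the types listed in the issue.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/binary"
	"encoding/pem"
	"fmt"
	"strings"
)

// needsPassphrase (hypothetical helper) returns the PEM type and whether the key is encrypted.
func needsPassphrase(data []byte) (string, bool, error) {
	b, _ := pem.Decode(data)
	if b == nil {
		return "", false, fmt.Errorf("no PEM block found")
	}
	switch b.Type {
	case "PRIVATE KEY": // unencrypted PKCS#8
		return b.Type, false, nil
	case "ENCRYPTED PRIVATE KEY": // encrypted PKCS#8 (RFC 7468 label)
		return b.Type, true, nil
	case "RSA PRIVATE KEY", "EC PRIVATE KEY", "DSA PRIVATE KEY":
		// Legacy PEM encryption is flagged in the Proc-Type header.
		return b.Type, strings.Contains(b.Headers["Proc-Type"], "ENCRYPTED"), nil
	case "OPENSSH PRIVATE KEY":
		// The cipher name follows the magic as a length-prefixed string; "none" means clear.
		rest := bytes.TrimPrefix(b.Bytes, []byte("openssh-key-v1\x00"))
		if len(rest) == len(b.Bytes) || len(rest) < 4 ||
			uint64(binary.BigEndian.Uint32(rest)) > uint64(len(rest)-4) {
			return b.Type, false, fmt.Errorf("malformed OpenSSH key")
		}
		return b.Type, string(rest[4:4+binary.BigEndian.Uint32(rest)]) != "none", nil
	}
	return b.Type, false, fmt.Errorf("unsupported key type %q", b.Type)
}

// samplePKCS8 builds a constructed, throwaway Ed25519 key as a "PRIVATE KEY" block.
func samplePKCS8() []byte {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	der, _ := x509.MarshalPKCS8PrivateKey(priv)
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
}

func main() {
	fmt.Println(needsPassphrase(samplePKCS8())) // pick the plain or passphrase parser from this
}
```

A block reported as unencrypted can go to ParseRawPrivateKey directly, so ParseRawPrivateKeyWithPassphrase is reserved for blocks that actually carry encryption.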

Labels: NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.), help wanted
