Throw helpful error if privateKey is set to only the first line, e.g. -----BEGIN RSA PRIVATE KEY----- #71

Open
gr2m opened this issue May 26, 2023 · 7 comments


@gr2m
Owner

gr2m commented May 26, 2023

Follow up to octokit/auth-app.js#465 (comment), reported by @reza-ebrahimi

The first line might be -----BEGIN PRIVATE KEY----- or -----BEGIN RSA PRIVATE KEY-----, maybe we will support other variations in future. But they all have the format -----BEGIN * KEY-----

I would suggest we add a check like

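```js
// Throw when the whole value is just a PEM header line such as
// -----BEGIN RSA PRIVATE KEY----- (no "m" flag, so $ only matches at the end).
if (/^-----BEGIN .* KEY-----$/.test(privateKey?.trim())) {
  throw new Error("privateKey only contains the first line. Try replacing line breaks with \\n");
}
```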
@gr2m
Owner Author

gr2m commented May 26, 2023

> maybe we will support other variations in future

In particular I would love to see if we can support -----BEGIN OPENSSH PRIVATE KEY-----, which is the format that 1Password stores SSH keys in in its latest version.

@reza-ebrahimi

Is there any schema or standard for private key content? Or probably an open source schema validator javascript / typescript library?

@reza-ebrahimi

A simpler approach with regex. The expression below will match strings (Regex test link):

`^-----BEGIN.*PRIVATE KEY-----$`

  • starts with `-----BEGIN`
  • ends with `PRIVATE KEY-----`

@gr2m
Owner Author

gr2m commented May 27, 2023

yeah good idea with the regex. I'd just add two spaces around .*

```js
if (/^-----BEGIN .* PRIVATE KEY-----$/.test(privateKey.trim())) {
  throw new Error("privateKey only contains the first line. Try replacing line breaks with \\n");
}
```

@gr2m
Owner Author

gr2m commented May 27, 2023

> Is there any schema or standard for private key content

We don't need a sophisticated private key validation library. This is about the very specific and common problem that only the first line is passed as the privateKey value.

@reza-ebrahimi

Created a PR: octokit/auth-app.js#482
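
The first-line-only check discussed in this thread, written out as an added example (not code from the issue, the linked PR or the octokit project). The function names, the line-based `KEY=value` reader and the sample key are constructed assumptions; the header pattern also accepts the label-less `-----BEGIN PRIVATE KEY-----` form named at the top of the issue.

```javascript
// Added example. Function names are hypothetical; the key material is a
// constructed placeholder, not a real key.

// PEM private-key header/footer, with or without a type label (RSA, EC,
// OPENSSH, ...). No "m" flag, so ^ and $ only match at the ends of the input.
const HEADER = /^-----BEGIN (?:[A-Z0-9 ]+ )?PRIVATE KEY-----$/;
const FOOTER = /^-----END (?:[A-Z0-9 ]+ )?PRIVATE KEY-----$/;

// Classify a privateKey option before it is handed to any signing code.
function diagnosePrivateKey(privateKey) {
  if (typeof privateKey !== "string" || privateKey.trim() === "") return "missing";
  const lines = privateKey.trim().split(/\r?\n/);
  if (!HEADER.test(lines[0].trim())) return "no-pem-header";
  if (lines.length === 1) return "first-line-only";
  if (!FOOTER.test(lines[lines.length - 1].trim())) return "truncated";
  return "ok";
}

// Fail early with a specific message instead of an opaque crypto error.
function assertPrivateKey(privateKey) {
  const status = diagnosePrivateKey(privateKey);
  if (status === "first-line-only") {
    throw new Error(
      "privateKey only contains the first line. Try replacing line breaks with \\n"
    );
  }
  if (status !== "ok") throw new Error(`privateKey is not usable: ${status}`);
  return privateKey.trim();
}

// Assumed cause, for illustration only: a line-oriented KEY=value reader
// (hypothetical) stops at the first line break of an unquoted multi-line value.
function readEnvValue(fileText, name) {
  const line = fileText.split(/\r?\n/).find((l) => l.startsWith(name + "="));
  return line === undefined ? undefined : line.slice(name.length + 1);
}

const SAMPLE_KEY = [
  "-----BEGIN RSA PRIVATE KEY-----",
  "CONSTRUCTEDPLACEHOLDERBODY", // constructed, not real key data
  "-----END RSA PRIVATE KEY-----",
].join("\n");
const SAMPLE_ENV_FILE = "APP_ID=1\nPRIVATE_KEY=" + SAMPLE_KEY + "\n";
```

Passing `readEnvValue(SAMPLE_ENV_FILE, "PRIVATE_KEY")` to `assertPrivateKey` throws the first-line-only error, while `SAMPLE_KEY` itself passes.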
