From: nobu@... Date: 2015-12-06T06:10:28+00:00 Subject: [ruby-core:71854] [Ruby trunk - Bug #11774] OpenSSL::PKey.read produces ArgumentError on invalid passphrases Issue #11774 has been updated by Nobuyoshi Nakada. Description updated Seems that OpenSSL doesn't tell what kind failure happened. ---------------------------------------- Bug #11774: OpenSSL::PKey.read produces ArgumentError on invalid passphrases https://bugs.ruby-lang.org/issues/11774#change-55258 * Author: Artem Yakimenko * Status: Open * Priority: Normal * Assignee: * ruby -v: ruby 2.2.3p173 (2015-08-18 revision 51636) [x86_64-darwin15] * Backport: 2.0.0: UNKNOWN, 2.1: UNKNOWN, 2.2: UNKNOWN ---------------------------------------- If we try to read out an RSA encrypted key with an invalid passphrase like so: ```ruby require 'openssl' OpenSSL::PKey.read(File.read("#{ENV['HOME']}/.ssh/id_rsa"), 'invalid') ``` We get an argument error: ``` ArgumentError: Could not parse PKey: no start line from (pry):6:in `read' ``` However, if I understand the situation correctly, it should produce a decode error: `OpenSSL::PKey::RSAError`, as per the doc: > OpenSSL::PKey::RSAError Generic exception that is raised if an operation on an RSA PKey fails unexpectedly or in case an instantiation of an instance of RSA fails due to non-conformant input data. Reproduction: 1. Create a password protected ssh key (if none exists): ``` ssh-keygen -t rsa -b 4096 ``` 2. Run the following snippet (assuming ~/.ssh/id_rsa is the key location) ```ruby require 'openssl' OpenSSL::PKey.read(File.read("#{ENV['HOME']}/.ssh/id_rsa"), 'invalid_passphrase') ``` Tested on: MacOSX 10.11.1 OpenSSL 1.0.2d 9 Jul 2015 Ruby 2.1.7 Ruby 2.2.3 -- https://bugs.ruby-lang.org/