detect_private_key: add textual version of `PKCS #8` encrypted private keys

As described by RFC7468 and RFC5958, keys that are encoded using the "ENCRYPTED
PRIVATE KEY" label are described as private key information and therefore can
contain secrets, even though encrypted.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
Luís Ferreira 2021-10-02 20:33:35 +01:00
parent cf059f0d24
commit ccdf02dfd4
No known key found for this signature in database
GPG Key ID: 730750D54B7A9F66
2 changed files with 2 additions and 0 deletions

@ -11,6 +11,7 @@ BLACKLIST = [
b'PuTTY-User-Key-File-2',
b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
b'BEGIN PGP PRIVATE KEY BLOCK',
b'BEGIN ENCRYPTED PRIVATE KEY',
]
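Review bot: the new entry b'BEGIN ENCRYPTED PRIVATE KEY' at the end of BLACKLIST is the only marker in the visible list that does not name its format (the others say PuTTY, SSH2 or PGP), so a short comment stating that it is the PKCS #8 label from RFC 7468 / RFC 5958 would keep a later reader from mistaking it for a duplicate of the SSH2 entry two lines above. The two strings do not overlap as substrings, so both entries are needed.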

@ -10,6 +10,7 @@ TESTS = (
(b'-----BEGIN OPENSSH PRIVATE KEY-----', 1),
(b'PuTTY-User-Key-File-2: ssh-rsa', 1),
(b'---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----', 1),
(b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1),
(b'ssh-rsa DATA', 0),
(b'ssh-dsa DATA', 0),
# Some arbitrary binary data
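Review bot: the added case (b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1) covers only the bare header line at the start of the input, like the positive cases around it. Consider adding one case where the header follows other file content and one near-miss that must return 0 (for example the label without the BEGIN prefix), so the test pins down both what the new BLACKLIST entry matches and what it does not.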