parse PEM keys with empty passphrase

Otherwise OpenSSL tries prompting for a passphrase!

Author: btoews

lib/ssh_data/private_key.rb

@@ -17,11 +17,11 @@ def self.parse(key)
       when OPENSSH_PEM_TYPE
         parse_openssh(key)
       when RSA_PEM_TYPE
-        [RSA.from_openssl(OpenSSL::PKey::RSA.new(key))]
+        [RSA.from_openssl(OpenSSL::PKey::RSA.new(key, ""))]
       when DSA_PEM_TYPE
-        [DSA.from_openssl(OpenSSL::PKey::DSA.new(key))]
+        [DSA.from_openssl(OpenSSL::PKey::DSA.new(key, ""))]
       when ECDSA_PEM_TYPE
-        [ECDSA.from_openssl(OpenSSL::PKey::EC.new(key))]
+        [ECDSA.from_openssl(OpenSSL::PKey::EC.new(key, ""))]
       when ENCRYPTED_PEM_TYPE
         raise DecryptError, "cannot decode encrypted private keys"
       else

spec/fixtures/dsa.encrypted.pem

@@ -0,0 +1,15 @@
+-----BEGIN DSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,CF19675A47CDE014EA0C81A59C6B6269
+
+k1xSi/SoTdSQkoTeEvNsTR211f2rwsn4fso5dGmVkIKVXJ6onPOeHBz+Z5P3Uj/a
+WHw6su+RZ4fjnOlKthhfTcuKawu+oq0RFKTkVzV+b43dEmNy8u5hn/VXVsg9Tubo
+PxI08zyhg3FkY4P0YjkQJCBZZbRzd9k/eciPhHU04d6EX0m2eDXjUP7U4EO86bK4
+o3nIeY6xnclci6+b4bo+pR1+z+9aChIB5wErsmlZtf2Lvpy3gpHrLXgaPl/Rpl2I
+IzosnT4QO0NOUtIgvnl8E0/L7NGiJ1cp9Drdt6Vx8mjbA2f3A8Uv0YbbF9PZiurv
+MuYuDi2D6LRrc1wWUSEQo51ExZZpHpzB7rgB99P2chl7R6Xwz8uAByeFA5nKtwzc
+Z/081h7v9UfLiAoCGc8oT26xuAvNSrTsRil/gegyR4tiwN5upYNNlWOu0SxszszG
+k32GIFZMxKnFBIzCOHHlMw7ZV8dm6bciJREn9IlLNlthoaQSylIHO6kIlhEFcUA8
+7csp0Q5y411C50dSSNx54l45KsXuUTZ9gMKHkVGPdpRLXyidOVna3puSvq6f+W30
+SdlnbFjV+r3EjzB5rzuDT8gTmPmwI5kgClaL1MuJWgg=
+-----END DSA PRIVATE KEY-----

spec/fixtures/dsa.pem

@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBvAIBAAKBgQDxVX7EnH7JSoqL20g3eMhfZN0IeaIMHZdF2L8QFxwAUEr6oh2M
+3YTDS6iuhbT7W8TQgeUDD/2PPaHDeFVhyOKwHzlfdHwSl8eEcWRSYv6udVZoBfwW
+YApgWQloKw24noMpeFrBYITG9XtJ4zV6To9zXoNio/SXbHommjlirvnLKwIVAMw9
+7lVT+UR/yB6cHj7JFSrOaubjAoGBAOAt8s32b6NQBVHK3CIG5s1H/OEEQNNCzm37
+LdwINrWqAnS3s3jGR43JrXqRmRbhe2jbXr404xXHpKAJc0LsgYyw01JS0hJ/AFQo
+dDKkSTF2QWBV05h1em7+AGv8qz/bywO2HlAHtvDiBlq9gk2MYnqbTBbWHnCvEXtt
+mY1LA3ArAoGBAI5XYEdozb9XH0eFiMv1yPyrbPbM37Sp++OPLmvCzadJzbGGDvA7
+ymxopqJajV6lET+ZBavIKnKlWuJWYhDsoGfm59Jy3o5zKatjTDN3JJak2aGxYp+j
+Lvn6S95wOVDdPv5Df3AtBeNqRefnpxs2NjVewRGX82yO5qS0lM8htZTBAhQPwe3T
+xwl1zb83tbIYbtgcuwaw5g==
+-----END DSA PRIVATE KEY-----

spec/fixtures/dsa.plaintext.pem

@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,2866C4AEE9C2595C6082806F9D1622B5
+
+vvetCE7TqlG74iCO3kR3f1MY9+pVMkkcsDToPxer7iDI+lnqgOjKUebuTDdjB6Vi
+6Hq0n6EeoaQdDfhcGvFamNPf/FGk9ptXIEztvC0T59xrxqgi4mkJgTMhAnyFRFn+
+jVywGSwcge/9xTjbJxcJfr4oqZty7JIZpEFyiBc+9Ww=
+-----END EC PRIVATE KEY-----

spec/fixtures/ecdsa.encrypted.pem

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIA6w+3yQjVlJToULhwwuKfQkW5sphlGunAdxHYXYKcMSoAoGCCqGSM49
+AwEHoUQDQgAEVxneWIp1oQCiPlcQ/B/FBls1C167N2zGh8WzCeM8MrjDl4ir2SBx
+in2h+UX0zphNediQqI6NBt8hSBShPjOb2w==
+-----END EC PRIVATE KEY-----

spec/fixtures/ecdsa.pem

@@ -35,9 +35,12 @@ ssh-keygen -ted25519 -N "" -f ./ed25519_leaf_for_rsa_ca
 ssh-keygen -s rsa_ca -z 123 -n p1,p2 -O clear -I my-ident -O critical:foo=bar -O extension:baz=qwer -O permit-X11-forwarding ed25519_leaf_for_rsa_ca.pub
 
 # pem encoded keys
-openssl genrsa -out rsa.pem 2048
-openssl dsaparam -noout -out dsa.pem -genkey 1024
-openssl ecparam -noout -out ecdsa.pem -name prime256v1 -genkey
+openssl genrsa -out rsa.plaintext.pem 2048
+openssl rsa -aes-128-cbc -passout pass:mypass -in rsa.plaintext.pem -out rsa.encrypted.pem
+openssl dsaparam -noout -out dsa.plaintext.pem -genkey 1024
+openssl dsa -aes-128-cbc -passout pass:mypass -in dsa.plaintext.pem -out dsa.encrypted.pem
+openssl ecparam -noout -out ecdsa.plaintext.pem -name prime256v1 -genkey
+openssl ec -aes-128-cbc -passout pass:mypass -in ecdsa.plaintext.pem -out ecdsa.encrypted.pem
 chmod 400 *.pem
 
 # Create a certificate with a bad signature. We use ed25519 because the

spec/fixtures/ecdsa.plaintext.pem

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-128-CBC,B4D888F772E67B66E03C79A4744D73E2
+
+VBXhsN26cPD3411FTHS8FCPv5efiq64w3ewaFO0g+iuor/AAXf9gCpe2g6njgIh9
+HnFkZ6zUd5pNCG4JBz//82SMT7gDzpZCETQw+cPP4jwd2JZFlj48KAqFmKxyUuLu
+O8X33qL5y+VP/OQYNyntsUphk2zMAZs4guU/jDoaNz8iHWLW03OxUBEnC3Dw1tJ8
+Utg+9Bmb2nO3dBaSMPoyAFY7ad3UHTpcbWbw+Jvhiqm5BFvDAwwKehsOAPpMqLeN
+Kdah9rfGchhKk6zAZwAyhRTZ3UcocZ778bd5nvs68kO32A6a3fRyZGVbFhA2KEcQ
+12kX/6u4hw1ROlvicTPsrniWSQLWewcbedpmvZGlXSbsb1dGtnBgdg9yIfWc/w+6
+DrJuq4+CWz1pfnMKM5VmbZyoNlgPawE0NwiGhA0gC+qnepWSaMV3OIDYzsLugz1H
+qjRThUdy+jeXDiGBTA3WLvR+x9dBaF15uis4DK9Q708VzyJH/QiPw1CSCycBu/Fa
+rFGcl3iJwTE7YWOzRCwoNUocBMzTY3LgGhk8NlaCWPRxhVhzQNXR71ddUdQSR9/J
+0nX7te9Sp8xjtVNT6ULqAr1Tq0Vwnq1Sx8xiFjVTeoTs/qdHMPLAjCrfBr6BAKhx
+zLOC3q0UTAguWfhoo/Ekv9eTegkSwuzUFJ9T3jFT6pdznfEKuvRe4rplcJQ6FEJO
+VT5wrhBszlA2vxN20Gnw4osbccHKYtibU2wkC+OOoMU2gQ2FNXxQ76lYs8T81yCU
+KoLUYtG1RqFajSnoen7OsmN0RU7rD5Hd7c5yznx/Npv0R4/yUhv7wfGIZ8auWknS
+GTPT9OX85k8KZnLvubVnVmfRi4IlcTg7DywpvR3cPBw+iMXHEhzn1RWg58Hmw92c
+21MBMtg1X+SKgwGWvwWnA3BcvDdjNK7DguJCDlqIQVdT64AXjrAx6MxtsNaJ+OVw
+hejaSQuOZaWIx1hW3MWeDWYYQaDeTcmZhKMtLImX7NiX/6WD/KjlugyH7eq9bl8R
+kzSyZDlvx0emkBb0crxoY3qq+f7oWMx7G+Frzwg4izk5VZjGLVPCKqvXtQ425HCT
+BE5JtCBK6nLiAQO3APSaRgZsAjzY65Yz9ZaITL3djA5C9npeS/zVhPr5TTcsCQpC
+ZQKDj89cO3Wpg4DVVpN4SyyLuRVHPzs/XfJy24YdaSCLBJF3UTGiD5MK5+vraJaD
+of7dj05VC5mN5e9tNW3O/D3ZdSSzEuYn0GECxDvO0HaSutL93RelwTDfYIhmgqTp
+uxe+9ur9MPl6dlE7bLvw509rnzsJEdpaaQQyJfL5kKWDHkjLVBuJ7HhJASucKWl5
+CvT3BH1tjuddoW5tXXx50VHS9ystC/0FRqaIr99eoxTtHSRVmEaCEPGBDdA2fgE/
+VoRPsVd2SECqmD1cGW2KvxCq+g6sOgyrH3CJkv4NAh/r1d9xuFAQVuGe1UXTbyYi
+54ouZlnSVygknL9jksPEZgOzqVKZlMcwPJJfAVIAJZWewpjMkDVmV2OJtx63idAB
+J/c9ws6jaibgoC3A98GHcknNik+tvF+x2uEjYvqW1fDmmrZsm62hUX3ZO3C19dbw
+-----END RSA PRIVATE KEY-----