Opened 9 years ago

Closed 9 years ago

#5890 defect closed fixed (fixed)

ckeygen --showpub does not prompt for or use provided passphrase for encrypted keys

Reported by: Lucas Taylor Owned by: therve
Priority: normal Milestone:
Component: conch Keywords: easy
Cc: z3p Branch:
Author:

Description

$ ckeygen --showpub -filename=/Users/blah/.ssh/id_rsa --pass=passwurd
Traceback (most recent call last):
  File "/Users/blah/Develop/virtualenvs/lodgeprox/bin/ckeygen", line 7, in <module>
    execfile(__file__)
  File "/Users/blah/Develop/code/3rdparty/twisted-hg/bin/conch/ckeygen", line 15, in <module>
    run()
  File "/Users/blah/Develop/code/3rdparty/twisted-hg/twisted/conch/scripts/ckeygen.py", line 65, in run
    displayPublicKey(options)
  File "/Users/blah/Develop/code/3rdparty/twisted-hg/twisted/conch/scripts/ckeygen.py", line 141, in displayPublicKey
    key = keys.Key.fromFile(options['filename']).keyObject
  File "/Users/blah/Develop/code/3rdparty/twisted-hg/twisted/conch/ssh/keys.py", line 63, in fromFile
    return Class.fromString(file(filename, 'rb').read(), type, passphrase)
  File "/Users/blah/Develop/code/3rdparty/twisted-hg/twisted/conch/ssh/keys.py", line 91, in fromString
    return method(data, passphrase)
  File "/Users/blah/Develop/code/3rdparty/twisted-hg/twisted/conch/ssh/keys.py", line 228, in _fromString_PRIVATE_OPENSSH
    raise EncryptedKeyError('encrypted key with no passphrase')
twisted.conch.ssh.keys.EncryptedKeyError: encrypted key with no passphrase

Same error occurs if no passphrase is provided.

2 problems:

  1. twisted.conch.scripts.ckeygen.displayPublicKey is not catching an EncryptedKeyError thrown when no passphrase is provided.
  1. If a passphrase is provided, it is only used to find the key if a BadKeyError is caught. But BadKeyError is not thrown in case of missing passphrase on an encrypted key, an EncryptedKeyError is. twisted.conch.scripts.ckeygen.displayPublicKey never prompts for or provides a passphrase to `twisted.conch.ssh.keys.Key.fromFile().

Attachments (3)

5890-ckeygen (13.2 KB) - added by Lucas Taylor 9 years ago.
Fix ckeygen --showpub for encrypted keys; add tests; whitespace cleanup
5890.bugfix (114 bytes) - added by Lucas Taylor 9 years ago.
Added topfile NEWS entry
5890-ckeygen.diff (13.5 KB) - added by Lucas Taylor 9 years ago.
Fix ckeygen --showpub for encrypted keys; add tests; whitespace cleanup (SVN diff...ignore previous attachment)

Download all attachments as: .zip

Change History (7)

comment:1 Changed 9 years ago by DefaultCC Plugin

Cc: z3p added

Changed 9 years ago by Lucas Taylor

Attachment: 5890-ckeygen added

Fix ckeygen --showpub for encrypted keys; add tests; whitespace cleanup

comment:2 Changed 9 years ago by Lucas Taylor

Keywords: review easy added

Changed 9 years ago by Lucas Taylor

Attachment: 5890.bugfix added

Added topfile NEWS entry

Changed 9 years ago by Lucas Taylor

Attachment: 5890-ckeygen.diff added

Fix ckeygen --showpub for encrypted keys; add tests; whitespace cleanup (SVN diff...ignore previous attachment)

comment:3 Changed 9 years ago by therve

Keywords: review removed
Owner: set to therve

Looks good! I'm merging it alongside #5889 with some adjustments.

comment:4 Changed 9 years ago by therve

Resolution: fixed
Status: newclosed

(In [35420]) Fix ckeygen --showpub behavior, passing a type to display in toString and catching the proper exception for encrypted keys.

Author: ltaylor.volks Reviewer: therve Fixes: #5889, #5890

Note: See TracTickets for help on using tickets.