Load non-encrypted private keys and toggle password prompt #122
UPDATE: IMHO, this behavior is not obvious. I think it is better to fail if an empty password is passed. If a caller wants to use the function to load a non-encrypted key, s/he should just not pass a password. However, a user, who is prompted for a password, can only enter either a non-empty or an empty password. To give that user the option to load a non-encrypted key, we should skip decryption if the user does not enter a password, i.e. the password is an empty string.
Add an optional boolean 'prompt' argument to interface.import_rsa_privatekey_from_file and change the behavior of the function like so:
- If password is passed use passed password for decryption.
- If prompt is True use entered password for decryption.
- If no password is passed or entered, or if the entered password is an empty string, omit decryption.
Passing and prompting for a password is not possible. See code comments or secure-systems-lab#122 for more details. This commit also adapts the unit tests accordingly.
Fixes secure-systems-lab#122 together with secure-systems-lab#124 and secure-systems-lab#148
Prepares for fixing in-toto/in-toto#80
TODO (Maybe in separate PRs):
- support prompt arg for import_ecdsa_privatekey_from_file (see this commit)
- support prompt arg for interface.generate_and_write_*_keypair
- support password=None (no encryption) for generate_and_write_*_keypair (is there a way to check if encrypted?)
- add import_key_from_file(filepath, password=None, prompt=False, key_type=RSA), for pub/priv, rsa/ecdsa/ed25519
- add import_public_keys_from_file(filepaths, key_types=RSA), for pub/priv, rsa/ecdsa/ed25519
- add import_public_keys_from_gpg(keyids, gpg_home=None)
+ fix tests/docs/etc...
Description of issue or feature request:
The interface module provides functions to import RSA, ed25519 and ECDSA private keys from files. The functions take an optional password argument and if no password is passed, the caller is prompted for a password. In either case the received password is used to decrypt the key. Hence, there is no way to load a non-password-encrypted private key without getting a prompt, or to fail if the key is encrypted but no password is passed, rather than prompting for a password.
This ticket proposes the addition of an optional boolean prompt argument to the functions:
import_rsa_privatekey_from_file(filepath, password=None, scheme='rsassa-pss-sha256')
import_ed25519_privatekey_from_file(filepath, password=None)
import_ecdsa_privatekey_from_file(filepath, password=None)
Current behavior:
If a password is passed, that password is used to decrypt the key.
If no password is passed, the user will be prompted for a password, which is used to decrypt the key.
Fail if the key can't be decrypted.
Expected behavior:
If a password is passed and prompt is False, the passed password is used to decrypt the key.
If prompt is True, the caller is prompted for a password, which is used to decrypt the key.
If no password is passed and prompt is False, the key will be loaded as non-encrypted key.
Fail if no password is passed and the key is decrypted.
Fail if a password is passed and the key can't be decrypted.
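
The expected behavior listed in this issue, combined with the empty-password rule from the update comment and commit message, written out as an added example (not the project's own code). `resolve_password`, `pem_is_encrypted`, `plan_key_load`, `KeyLoadError` and the sample PEM strings are hypothetical names; the example assumes PEM-encoded keys and returns the load decision, leaving decryption itself to the caller's crypto library.

```python
import getpass

# Constructed sample inputs: PEM framing only, the bodies are placeholders, not keys.
PLAIN_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
LEGACY_ENC_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")
PKCS8_ENC_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n")


class KeyLoadError(Exception):
    """The password/prompt combination does not match the key file."""


def pem_is_encrypted(pem_text):
    # PKCS#8 marks encryption in the PEM label; traditional OpenSSL PEM
    # marks it with a Proc-Type header inside the block.
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text
            or "Proc-Type: 4,ENCRYPTED" in pem_text)


def resolve_password(password=None, prompt=False, ask=getpass.getpass):
    """Return the password to decrypt with, or None to skip decryption."""
    if password is not None and prompt:
        raise ValueError("pass a password or set prompt=True, not both")
    if prompt:
        entered = ask("Enter a password for the private key (empty for none): ")
        return entered or None  # empty input: load as a non-encrypted key
    if password is None:
        return None
    if not isinstance(password, str) or password == "":
        raise ValueError("a passed password must be a non-empty string")
    return password


def plan_key_load(pem_text, password=None, prompt=False, ask=getpass.getpass):
    """Decide how to load the key: ('load-plain', None) or ('decrypt', secret)."""
    secret = resolve_password(password, prompt, ask)
    encrypted = pem_is_encrypted(pem_text)
    if secret is None and encrypted:
        raise KeyLoadError("key is encrypted but no password was passed or entered")
    # Assumption: a password supplied for a plaintext key counts as
    # "the key can't be decrypted" and fails, so a mismatch is never silent.
    if secret is not None and not encrypted:
        raise KeyLoadError("password supplied but the key is not encrypted")
    return ("decrypt", secret) if secret is not None else ("load-plain", None)
```

Passing `ask` as a parameter lets unit tests drive the prompt path without a terminal.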