detect_private_key: add textual version of PKCS #8 encrypted private keys

Luís Ferreira · Luís Ferreira · commit ccdf02dfd48b · 2021-10-02T20:53:33.000+01:00
As described by RFC7468 and RFC5958, keys that are encoded using the "ENCRYPTED
PRIVATE KEY" label are described as private key information and therefore can
contain secrets, even though encrypted.

Signed-off-by: Luís Ferreira &lt;contact@lsferreira.net&gt;
diff --git a/pre_commit_hooks/detect_private_key.py b/pre_commit_hooks/detect_private_key.py
@@ -11,6 +11,7 @@
     b'PuTTY-User-Key-File-2',
     b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
     b'BEGIN PGP PRIVATE KEY BLOCK',
+    b'BEGIN ENCRYPTED PRIVATE KEY',
 ]
 
 
diff --git a/tests/detect_private_key_test.py b/tests/detect_private_key_test.py
@@ -10,6 +10,7 @@
     (b'-----BEGIN OPENSSH PRIVATE KEY-----', 1),
     (b'PuTTY-User-Key-File-2: ssh-rsa', 1),
     (b'---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----', 1),
+    (b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1),
     (b'ssh-rsa DATA', 0),
     (b'ssh-dsa DATA', 0),
     # Some arbitrary binary data

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`	`b'PuTTY-User-Key-File-2',`
`12`	`12`	`b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',`
`13`	`13`	`b'BEGIN PGP PRIVATE KEY BLOCK',`
	`14`	`+ b'BEGIN ENCRYPTED PRIVATE KEY',`
`14`	`15`	`]`
`15`	`16`
`16`	`17`