-
Notifications
You must be signed in to change notification settings - Fork 785
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Only 8, 16, 24, or 32 bits supported: 248 #1059
Comments
Unfortunate it's a submitted private key issue. Do you happen to have an example test case that isn't secret? Based on that error it would seem like some DER decoding issue. Maybe there are some edge cases out there that trigger a bug. Or could be bad input to start with and the error is poor. Hard to debug such things without an test case. |
Yes sure - here's a private key that's been revoked
password Computinggraduate and it was generated with the following code:
|
I poked at this for a few minutes. Not sure what the issue is. Unfortunately I don't have time to deep dive debug it at the moment. But here are some thoughts:
This test does a simple decrypt of the test static pem and password. It always fails. Most other passwords I tested will return null. const forge = require('node-forge');
const pem = `\
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIE6jAcBgoqhkiG9w0BDAEDMA4ECKPGG1SWab+cAgIIAASCBMjLabq/o+YaxNEL
bIcGr/2oO7QfLY2ebondYNqbfF5Ou7t8sEyE1nDZNOdiVRLng29b7CDnlFMOKA6X
Xi30z7Vh61GPsdyfvEEEUU39V26tgpud3NRApJzIcUQ1DkpRQKgKTpo+tx+Qe1z4
ZYKotgIoXl8sWOEJbKMkoGoEfZzbugmbNAO0ICCByIGJoVmFXl8o5D9qhCCaCB1W
XjvDFtLqxNjFlAxrN93vJ2dGYvc+OXId31TciMPQeckzdtLC5UrfDVVaBom7ueWV
OVo+jmHE/Yg5cuZGWM/s0xygmpfJJ7UsTCpiV4ctFf8uRB5AsM0wdmNl/DK9lhD+
lYt2UfztS58Z/KDPPzoJD5rSEyO9FKRx+QPcAhJBY4l7t+bAZneE2w5ALe+vfp0A
KIW+/rCpNnhA70SdIR9FfkcusQsn540kmv99+AFbX2VQmJ15m7UXw7c/uYrkeY+0
Pyn4tKb2hz6E3J9AhBQPCF44RwVnLlrQrJpL2v+NleXKIHs/rVGGi0Gby3Bzxb5S
9+uKYK7hpsc0F53YBoljS5xw1m8xU37q04JQ8BKYwZpOuMTYcQt6Q4aoHmb+6li2
hzVjTXKtmvRRju6rl9wi2djJUPxNT1xU+JL80EMh/KUUA6X3bDqFYJwTKrAbEU+7
4du4QLo4hdRqsDq2KjKcbmgs2tAVBAdSWNtXyAzpFHyY/5r64LSpuMAG0lJczUaM
0i8dUydAyLE9W6xFtKbCVhT3UhyWbt2pxQw2unf2gFwilzSV8V70gAIQSU1z593C
IT/tnkhhKCstnrTEGN/xMeas1O2uYrUkiFFflryIv7twSZbD49+jP2Vv9h0lpvnV
T6Q4Gq93b9zdZ1igfzhWrz5dlt6rmpTYv9xnh52Ro8Vm/3J6rjveJo+2Z2ba7Wl4
0+83M4RWzRVJKU2qMVQvRH5mifDV2d1VHpyyXkdNxqR85VjHDQ+PhSiKYQPPmnLc
5sKoLkJiyMGinENh8L73XH8ZpkBqBgzbFNTsFiEFC+S2xuLVTXtfp9yIP73RA2GS
zZniOfvDoq2b23QG2s5IzTpgP3qAxmXjVK3cGaDV3YFAWVmwDnuizGcATqB/MbpP
QN4VfdEaoRpHYvivnLBzNK4gNIDrBjoFtlhBczGfoFcrHacegqQpYt2SGPJz/OND
kK1kp1bqC1KenoosAH8HBVqDsWATxwByU1z4spCJPe1tPrE5VyXsffL4Da4p/J3I
tnG6OlYrZJJxQ1Gt1vvjWeYidWQLkZlAtklNnRE0db7iBHV4ygkWRQVYbYsZoYbA
rJQohx2ULroUswsJ1c5yqpa6CR4egLvDNniEDCvaDTJO/OQAL1H+gMH04N4wy1Fy
ORijc5GG0AmV8viqjrI+4rTJ8X1pekGmyvGj9kk2cHcbn62eefY1LD+4ym89bChP
XiDZU8tNapR6c34U3cWMqWruQzMJfnLGp8Fqz38hzf3IwYWYwMjoB1GOQI8LFwN0
5y5F4PjG0WrUpek/4yfnc7DVeYM0MSczOzPNDPg6mzj8lp6FcIEykMoI3ugPJCFa
05vCAr6c4HWtcT3VTy+6ZgXL1FZaPEnxL8cb7us+SNtHpRSPaTkfui2PFGLe2uKf
2fiZMc0hL1oYeZK3Ffg=
-----END ENCRYPTED PRIVATE KEY-----
`;
const pw = 'Computinggraduate';
try {
const privateKey = forge.pki.decryptRsaPrivateKey(pem, pw);
console.log('PASS');
console.log(privateKey);
} catch (ex) {
console.log('FAIL');
console.error(ex);
} If you want to find a key that does something weird, you can loop around with different prefixes just to get nonsense decrypted data. For instance, the below finds a non-null decode for "t17" and fails for "Unparsed DER bytes remain after ASN.1 parsing". let res = null;
let i = 0;
const prefix = 't';
while(res === null) {
console.log(i);
res = forge.pki.decryptRsaPrivateKey(pem, prefix + i++);
} This test does what I think you were doing. It will create private key pem and they try to decrypt it. Uses different keys and passwords to try and trigger and weird data issues. It just keeps looping and not failing. const forge = require('node-forge');
let i = 0;
let run = 1;
while(run) {
const keys = forge.pki.rsa.generateKeyPair({bits: 2048, workers: -1});
const algOpts = {algorithm: '3des'};
const pw = 'Computinggraduate' + i;
const pem = forge.pki.encryptRsaPrivateKey(keys.privateKey, pw, algOpts);
console.log(i++);
console.log(pem);
const privateKey = forge.pki.decryptRsaPrivateKey(pem, pw);
//console.log(privateKey);
if(!privateKey) {
console.log('FAIL');
run = 0;
}
} I'm not sure what the best behavior is here. Maybe the code should catch any errors and return null? It's likely rare people have bad DER that can't parse into ASN.1, but it could happen. It is possible there is bug in either the encryption process or decryption process that gets triggered with the test data. But I'm not really sure how to tell. Do you have any more failing test data? |
I'm sure the password is correct, this is not the only user that has had this problem. |
Hello,
I'm trying to decrypt a private key but am getting the following error when trying to decrypt - I was wondering if anyone has seen this before please?
Weirdly, this only seems to be from 'certain' private keys - we have lots of users that decrypt without issue, but every so often we get this error from Forge,
Thanks,
Will.
The code used is as follows:
The text was updated successfully, but these errors were encountered: