Page MenuHomePhabricator

Fix an issue where passphrase-protected private keys were stored without discarding passphrases
ClosedPublic

Authored by epriestley on May 13 2020, 3:05 PM.
Tags
None
Referenced Files
F13232157: D21245.id.diff
Tue, May 21, 1:04 AM
F13207033: D21245.id50593.diff
Wed, May 15, 8:24 PM
F13177540: D21245.diff
Wed, May 8, 7:47 PM
Unknown Object (File)
Sat, May 4, 4:23 PM
Unknown Object (File)
Fri, May 3, 1:18 AM
Unknown Object (File)
Mon, Apr 29, 3:40 PM
Unknown Object (File)
Sun, Apr 28, 9:50 AM
Unknown Object (File)
Fri, Apr 26, 7:10 AM
Subscribers
None

Details

Summary

Ref T13454. See https://discourse.phabricator-community.org/t/newly-created-ssh-private-keys-with-passphrase-not-working-anymore/3883.

After changes to distinguish between invalid and passphrase-protected keys, SSH private key management code incorrectly uses "-y ..." ("print public key") when it means "-p ..." ("modify input file, removing passphrase"). This results in the command having no effect, and Passphrase stores the raw input credential, not the stripped version.

We can't recover the keys because we don't store the passphrase, so no migration here is really possible. (We could add more code to detect this case, but it's presumably rare.)

Also, correct the behavior of the "Show Public Key" action: this is available for users who can see the credential and does not require edit permission.

Test Plan
  • Created a new credential with a passphrase, then showed the public key.

Diff Detail

Repository
rP Phabricator
Branch
key1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 24410
Build 33633: Run Core Tests
Build 33632: arc lint + arc unit