Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attempting to load a passphrase-protected key should not prompt cin #4627

Open
themightyoarfish opened this issue Aug 6, 2024 · 0 comments
Open

Attempting to load a passphrase-protected key should not prompt cin #4627

themightyoarfish opened this issue Aug 6, 2024 · 0 comments
Labels
bug

Comments

@themightyoarfish
Copy link

Describe the bug

Assuming a private key file protected by a password exists, it can be loaded with the EVPPkey constructor accepting empty pubkey name, private key name, and passphrase. If The passphrase is empty, the program will prompt the user to type in the key
with a message like Enter PEM pass phrase:. This is unsuitable for library code, since this cannot be reacted to unless the program is running in an interactive terminal.
It would be better to raise an exception, which happens e.g. when the wrong password is supplied.

To Reproduce

Attached an MVP with an encrypted openssl key

poco.zip

Expected behavior

Poco raises an exception when the key requires a passphrase, but none was supplied

Logs
n/a

Screenshots

CleanShot 2024-08-06 at 13 58 31

Please add relevant environment information:

  • OS Type and Version: macos ARM 12.7.5
  • POCO Version: 1.13.3 (homebrew)

Additional context

I know this probably comes from OpenSSL, but can this be worked around somehow?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@themightyoarfish