octoleo/phpseclib
1
0
Fork 0
mirror of https://github.com/phpseclib/phpseclib.git synced 2024-06-03 09:00:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Crypt/RSA: add support for loading OpenSSH encrypted keys

Browse Source
This commit is contained in:
terrafrost 2022-07-28 08:11:42 -05:00
parent 76a7b07bda
commit 0c8994bbad
4 changed files with 439 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
phpseclib/Crypt/Base.php
View File

@ -537,7 +537,7 @@ class Crypt_Base
// PHP_OS & "\xDF\xDF\xDF" == strtoupper(substr(PHP_OS, 0, 3)), but a lot faster
case (PHP_OS & "\xDF\xDF\xDF") === 'WIN':
case defined('PHP_INT_SIZE') && PHP_INT_SIZE == 8:
define('CRYPT_BASE_USE_SAFE_INTVAL', false);
define('CRYPT_BASE_USE_SAFE_INTVAL', true);
break;
case (php_uname('m') & "\xDF\xDF\xDF") == 'ARM':
switch (true) {
@ -666,6 +666,10 @@ class Crypt_Base
* $hash, $salt, $count, $dkLen
*
* Where $hash (default = sha1) currently supports the following hashes: see: Crypt/Hash.php
* {@link https://en.wikipedia.org/wiki/Bcrypt bcypt}:
* $salt, $rounds, $keylen
*
* This is a modified version of bcrypt used by OpenSSH.
*
* @see Crypt/Hash.php
* @param string $password
@ -679,6 +683,32 @@ class Crypt_Base
$key = '';
switch ($method) {
case 'bcrypt':
if (!class_exists('Crypt_Blowfish')) {
include_once 'Crypt/Blowfish.php';
}
$func_args = func_get_args();
if (!isset($func_args[2])) {
return false;
}
$salt = $func_args[2];
$rounds = isset($func_args[3]) ? $func_args[3] : 16;
$keylen = isset($func_args[4]) ? $func_args[4] : $this->key_length;
$bf = new Crypt_Blowfish();
$key = $bf->bcrypt_pbkdf($password, $salt, $keylen + $this->getBlockLength(), $rounds);
if (!$key) {
return false;
}
$this->setKey(substr($key, 0, $keylen));
$this->setIV(substr($key, $keylen));
return true;
default: // 'pbkdf2' or 'pbkdf1'
$func_args = func_get_args();

310
phpseclib/Crypt/Blowfish.php
View File

@ -11,6 +11,87 @@
*
* - {@link http://en.wikipedia.org/wiki/Blowfish_(cipher) Wikipedia description of Blowfish}
*
* # An overview of bcrypt vs Blowfish
*
* OpenSSH private keys use a customized version of bcrypt. Specifically, instead of
* encrypting OrpheanBeholderScryDoubt 64 times OpenSSH's bcrypt variant encrypts
* OxychromaticBlowfishSwatDynamite 64 times. so we can't use crypt().
*
* bcrypt is basically Blowfish but instead of performing the key expansion once it performs
* the expansion 129 times for each round, with the first key expansion interleaving the salt
* and password. This renders OpenSSL unusable and forces us to use a pure-PHP implementation
* of blowfish.
*
* # phpseclib's four different _encryptBlock() implementations
*
* When using Blowfish as an encryption algorithm, _encryptBlock() is called 9 + 512 +
* (the number of blocks in the plaintext) times.
*
* Each of the first 9 calls to _encryptBlock() modify the P-array. Each of the next 512
* calls modify the S-boxes. The remaining _encryptBlock() calls operate on the plaintext to
* produce the ciphertext. In the pure-PHP implementation of Blowfish these remaining
* _encryptBlock() calls are highly optimized through the use of eval(). Among other things,
* P-array lookups are eliminated by hard-coding the key-dependent P-array values, and thus we
* have explained 2 of the 4 different _encryptBlock() implementations.
*
* With bcrypt things are a bit different. _encryptBlock() is called 1,079,296 times,
* assuming 16 rounds (which is what OpenSSH's bcrypt defaults to). The eval()-optimized
* _encryptBlock() isn't as beneficial because the P-array values are not constant. Well, they
* are constant, but only for, at most, 777 _encryptBlock() calls, which is equivalent to ~6KB
* of data. The average length of back to back _encryptBlock() calls with a fixed P-array is
* 514.12, which is ~4KB of data. Creating an eval()-optimized _encryptBlock() has an upfront
* cost, which is CPU dependent and is probably not going to be worth it for just ~4KB of
* data. Conseqeuently, bcrypt does not benefit from the eval()-optimized _encryptBlock().
*
* The regular _encryptBlock() does unpack() and pack() on every call, as well, and that can
* begin to add up after one million function calls.
*
* In theory, one might think that it might be beneficial to rewrite all block ciphers so
* that, instead of passing strings to _encryptBlock(), you convert the string to an array of
* integers and then pass successive subarrays of that array to _encryptBlock. This, however,
* kills PHP's memory use. Like let's say you have a 1MB long string. After doing
* $in = str_repeat('a', 1024 * 1024); PHP's memory utilization jumps up by ~1MB. After doing
* $blocks = str_split($in, 4); it jumps up by an additional ~16MB. After
* $blocks = array_map(fn($x) => unpack('N*', $x), $blocks); it jumps up by an additional
* ~90MB, yielding a 106x increase in memory usage. Consequently, it bcrypt calls a different
* _encryptBlock() then the regular Blowfish does. That said, the Blowfish _encryptBlock() is
* basically just a thin wrapper around the bcrypt _encryptBlock(), so there's that.
*
* This explains 3 of the 4 _encryptBlock() implementations. the last _encryptBlock()
* implementation can best be understood by doing Ctrl + F and searching for where
* CRYPT_BASE_USE_SAFE_INTVAL is defined.
*
* # phpseclib's three different _setupKey() implementations
*
* Every bcrypt round is the equivalent of encrypting 512KB of data. Since OpenSSH uses 16
* rounds by default that's ~8MB of data that's essentially being encrypted whenever
* you use bcrypt. That's a lot of data, however, bcrypt operates within tighter constraints
* than regular Blowfish, so we can use that to our advantage. In particular, whereas Blowfish
* supports variable length keys, in bcrypt, the initial "key" is the sha512 hash of the
* password. sha512 hashes are 512 bits or 64 bytes long and thus the bcrypt keys are of a
* fixed length whereas Blowfish keys are not of a fixed length.
*
* bcrypt actually has two different key expansion steps. The first one (expandstate) is
* constantly XOR'ing every _encryptBlock() parameter against the salt prior _encryptBlock()'s
* being called. The second one (expand0state) is more similar to Blowfish's _setupKey()
* but it can still use the fixed length key optimization discussed above and can do away with
* the pack() / unpack() calls.
*
* I suppose _setupKey() could be made to be a thin wrapper around expandstate() but idk it's
* just a lot of work for very marginal benefits as _setupKey() is only called once for
* regular Blowfish vs the 128 times it's called --per round-- with bcrypt.
*
* # blowfish + bcrypt in the same class
*
* Altho there's a lot of Blowfish code that bcrypt doesn't re-use, bcrypt does re-use the
* initial S-boxes, the initial P-array and the int-only _encryptBlock() implementation.
*
* # Credit
*
* phpseclib's bcrypt implementation is based losely off of OpenSSH's implementation:
*
* https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bcrypt_pbkdf.c
*
* Here's a short example of how to use this library:
* <code>
* <?php
@ -147,6 +228,15 @@ class Crypt_Blowfish extends Crypt_Base
*/
var $cfb_init_len = 500;
/**
* SHA512 Object
*
* @see self::bcrypt_pbkdf
* @var object
* @access private
*/
var $sha512;
/**
* The fixed subkeys boxes ($sbox0 - $sbox3) with 256 entries each
*
@ -431,6 +521,7 @@ class Crypt_Blowfish extends Crypt_Base
// unpack binary string in unsigned chars
$key = array_values(unpack('C*', $this->key));
$keyl = count($key);
// with bcrypt $keyl will always be 16 (because the key is the sha512 of the key you provide)
for ($j = 0, $i = 0; $i < 18; ++$i) {
// xor P1 with the first 32-bits of the key, xor P2 with the second 32-bits ...
for ($data = 0, $k = 0; $k < 4; ++$k) {
@ -459,6 +550,225 @@ class Crypt_Blowfish extends Crypt_Base
}
}
/**
* bcrypt
*
* @param string $sha2pass
* @param string $sha2salt
* @access private
* @return string
*/
function _bcrypt_hash($sha2pass, $sha2salt)
{
$p = $this->parray;
$sbox0 = $this->sbox0;
$sbox1 = $this->sbox1;
$sbox2 = $this->sbox2;
$sbox3 = $this->sbox3;
$cdata = array_values(unpack('N*', 'OxychromaticBlowfishSwatDynamite'));
$sha2pass = array_values(unpack('N*', $sha2pass));
$sha2salt = array_values(unpack('N*', $sha2salt));
$this->_expandstate($sha2salt, $sha2pass, $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 0; $i < 64; $i++) {
$this->_expand0state($sha2salt, $sbox0, $sbox1, $sbox2, $sbox3, $p);
$this->_expand0state($sha2pass, $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
for ($i = 0; $i < 64; $i++) {
for ($j = 0; $j < 8; $j+= 2) { // count($cdata) == 8
list($cdata[$j], $cdata[$j + 1]) = $this->_encryptBlockHelperFast($cdata[$j], $cdata[$j + 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
}
return pack('L*', ...$cdata);
}
/**
* Performs OpenSSH-style bcrypt
*
* @param string $pass
* @param string $salt
* @param int $keylen
* @param int $rounds
* @access public
* @return false|string
*/
function bcrypt_pbkdf($pass, $salt, $keylen, $rounds)
{
if (!CRYPT_BASE_USE_SAFE_INTVAL) {
return false;
}
if (!class_exists('Crypt_Hash')) {
include_once 'Crypt/Hash.php';
}
if (!isset($this->sha512)) {
$this->sha512 = new Crypt_Hash('sha512');
}
$sha2pass = $this->sha512->hash($pass);
$results = [];
$count = 1;
while (32 * count($results) < $keylen) {
$countsalt = $salt . pack('N', $count++);
$sha2salt = $this->sha512->hash($countsalt);
$out = $tmpout = $this->_bcrypt_hash($sha2pass, $sha2salt);
for ($i = 1; $i < $rounds; $i++) {
$sha2salt = $this->sha512->hash($tmpout);
$tmpout = $this->_bcrypt_hash($sha2pass, $sha2salt);
$out^= $tmpout;
}
$results[] = $out;
}
$output = '';
for ($i = 0; $i < 32; $i++) {
foreach ($results as $result) {
$output.= $result[$i];
}
}
return substr($output, 0, $keylen);
}
/**
* Key expansion without salt
*
* @access private
* @param int[] $key
* @param int[] $sbox0
* @param int[] $sbox1
* @param int[] $sbox2
* @param int[] $sbox3
* @param int[] $p
* @see self::_bcrypt_hash()
*/
function _expand0state($key, &$sbox0, &$sbox1, &$sbox2, &$sbox3, &$p)
{
// expand0state is basically the same thing as this:
//return $this->_expandstate(array_fill(0, 16, 0), $key);
// but this separate function eliminates a bunch of XORs and array lookups
$p = [
$p[0] ^ $key[0],
$p[1] ^ $key[1],
$p[2] ^ $key[2],
$p[3] ^ $key[3],
$p[4] ^ $key[4],
$p[5] ^ $key[5],
$p[6] ^ $key[6],
$p[7] ^ $key[7],
$p[8] ^ $key[8],
$p[9] ^ $key[9],
$p[10] ^ $key[10],
$p[11] ^ $key[11],
$p[12] ^ $key[12],
$p[13] ^ $key[13],
$p[14] ^ $key[14],
$p[15] ^ $key[15],
$p[16] ^ $key[0],
$p[17] ^ $key[1]
];
list( $p[0], $p[1]) = $this->_encryptBlockHelperFast( 0, 0, $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[2], $p[3]) = $this->_encryptBlockHelperFast($p[ 0], $p[ 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[4], $p[5]) = $this->_encryptBlockHelperFast($p[ 2], $p[ 3], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[6], $p[7]) = $this->_encryptBlockHelperFast($p[ 4], $p[ 5], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[8], $p[9]) = $this->_encryptBlockHelperFast($p[ 6], $p[ 7], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[10], $p[11]) = $this->_encryptBlockHelperFast($p[ 8], $p[ 9], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[12], $p[13]) = $this->_encryptBlockHelperFast($p[10], $p[11], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[14], $p[15]) = $this->_encryptBlockHelperFast($p[12], $p[13], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[16], $p[17]) = $this->_encryptBlockHelperFast($p[14], $p[15], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($sbox0[0], $sbox0[1]) = $this->_encryptBlockHelperFast($p[16], $p[17], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2; $i < 256; $i+= 2) {
list($sbox0[$i], $sbox0[$i + 1]) = $this->_encryptBlockHelperFast($sbox0[$i - 2], $sbox0[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
list($sbox1[0], $sbox1[1]) = $this->_encryptBlockHelperFast($sbox0[254], $sbox0[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2; $i < 256; $i+= 2) {
list($sbox1[$i], $sbox1[$i + 1]) = $this->_encryptBlockHelperFast($sbox1[$i - 2], $sbox1[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
list($sbox2[0], $sbox2[1]) = $this->_encryptBlockHelperFast($sbox1[254], $sbox1[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2; $i < 256; $i+= 2) {
list($sbox2[$i], $sbox2[$i + 1]) = $this->_encryptBlockHelperFast($sbox2[$i - 2], $sbox2[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
list($sbox3[0], $sbox3[1]) = $this->_encryptBlockHelperFast($sbox2[254], $sbox2[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2; $i < 256; $i+= 2) {
list($sbox3[$i], $sbox3[$i + 1]) = $this->_encryptBlockHelperFast($sbox3[$i - 2], $sbox3[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
}
/**
* Key expansion with salt
*
* @access private
* @param int[] $data
* @param int[] $key
* @param int[] $sbox0
* @param int[] $sbox1
* @param int[] $sbox2
* @param int[] $sbox3
* @param int[] $p
* @see self::_bcrypt_hash()
*/
function _expandstate($data, $key, &$sbox0, &$sbox1, &$sbox2, &$sbox3, &$p)
{
$p = [
$p[0] ^ $key[0],
$p[1] ^ $key[1],
$p[2] ^ $key[2],
$p[3] ^ $key[3],
$p[4] ^ $key[4],
$p[5] ^ $key[5],
$p[6] ^ $key[6],
$p[7] ^ $key[7],
$p[8] ^ $key[8],
$p[9] ^ $key[9],
$p[10] ^ $key[10],
$p[11] ^ $key[11],
$p[12] ^ $key[12],
$p[13] ^ $key[13],
$p[14] ^ $key[14],
$p[15] ^ $key[15],
$p[16] ^ $key[0],
$p[17] ^ $key[1]
];
list( $p[0], $p[1]) = $this->_encryptBlockHelperFast($data[ 0] , $data[ 1] , $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[2], $p[3]) = $this->_encryptBlockHelperFast($data[ 2] ^ $p[ 0], $data[ 3] ^ $p[ 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[4], $p[5]) = $this->_encryptBlockHelperFast($data[ 4] ^ $p[ 2], $data[ 5] ^ $p[ 3], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[6], $p[7]) = $this->_encryptBlockHelperFast($data[ 6] ^ $p[ 4], $data[ 7] ^ $p[ 5], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list( $p[8], $p[9]) = $this->_encryptBlockHelperFast($data[ 8] ^ $p[ 6], $data[ 9] ^ $p[ 7], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[10], $p[11]) = $this->_encryptBlockHelperFast($data[10] ^ $p[ 8], $data[11] ^ $p[ 9], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[12], $p[13]) = $this->_encryptBlockHelperFast($data[12] ^ $p[10], $data[13] ^ $p[11], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[14], $p[15]) = $this->_encryptBlockHelperFast($data[14] ^ $p[12], $data[15] ^ $p[13], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($p[16], $p[17]) = $this->_encryptBlockHelperFast($data[ 0] ^ $p[14], $data[ 1] ^ $p[15], $sbox0, $sbox1, $sbox2, $sbox3, $p);
list($sbox0[0], $sbox0[1]) = $this->_encryptBlockHelperFast($data[2] ^ $p[16], $data[3] ^ $p[17], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2, $j = 4; $i < 256; $i+= 2, $j = ($j + 2) % 16) { // instead of 16 maybe count($data) would be better?
list($sbox0[$i], $sbox0[$i + 1]) = $this->_encryptBlockHelperFast($data[$j] ^ $sbox0[$i - 2], $data[$j + 1] ^ $sbox0[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
list($sbox1[0], $sbox1[1]) = $this->_encryptBlockHelperFast($data[2] ^ $sbox0[254], $data[3] ^ $sbox0[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2, $j = 4; $i < 256; $i+= 2, $j = ($j + 2) % 16) {
list($sbox1[$i], $sbox1[$i + 1]) = $this->_encryptBlockHelperFast($data[$j] ^ $sbox1[$i - 2], $data[$j + 1] ^ $sbox1[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
list($sbox2[0], $sbox2[1]) = $this->_encryptBlockHelperFast($data[2] ^ $sbox1[254], $data[3] ^ $sbox1[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2, $j = 4; $i < 256; $i+= 2, $j = ($j + 2) % 16) {
list($sbox2[$i], $sbox2[$i + 1]) = $this->_encryptBlockHelperFast($data[$j] ^ $sbox2[$i - 2], $data[$j + 1] ^ $sbox2[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
list($sbox3[0], $sbox3[1]) = $this->_encryptBlockHelperFast($data[2] ^ $sbox2[254], $data[3] ^ $sbox2[255], $sbox0, $sbox1, $sbox2, $sbox3, $p);
for ($i = 2, $j = 4; $i < 256; $i+= 2, $j = ($j + 2) % 16) {
list($sbox3[$i], $sbox3[$i + 1]) = $this->_encryptBlockHelperFast($data[$j] ^ $sbox3[$i - 2], $data[$j + 1] ^ $sbox3[$i - 1], $sbox0, $sbox1, $sbox2, $sbox3, $p);
}
}
/**
* Encrypts a block
*

51
phpseclib/Crypt/RSA.php
View File

@ -1611,14 +1611,47 @@ class Crypt_RSA
if ($magic !== "openssh-key-v1\0") {
return false;
}
$options = $this->_string_shift($decoded, 24);
// \0\0\0\4none = ciphername
// \0\0\0\4none = kdfname
// \0\0\0\0 = kdfoptions
// \0\0\0\1 = numkeys
if ($options != "\0\0\0\4none\0\0\0\4none\0\0\0\0\0\0\0\1") {
extract(unpack('Nlength', $this->_string_shift($decoded, 4)));
if (strlen($decoded) < $length) {
return false;
}
$ciphername = $this->_string_shift($decoded, $length);
extract(unpack('Nlength', $this->_string_shift($decoded, 4)));
if (strlen($decoded) < $length) {
return false;
}
$kdfname = $this->_string_shift($decoded, $length);
extract(unpack('Nlength', $this->_string_shift($decoded, 4)));
if (strlen($decoded) < $length) {
return false;
}
$kdfoptions = $this->_string_shift($decoded, $length);
extract(unpack('Nnumkeys', $this->_string_shift($decoded, 4)));
if ($numkeys != 1 || ($ciphername != 'none' && $kdfname != 'bcrypt')) {
return false;
}
switch ($ciphername) {
case 'none':
break;
case 'aes256-ctr':
extract(unpack('Nlength', $this->_string_shift($kdfoptions, 4)));
if (strlen($kdfoptions) < $length) {
return false;
}
$salt = $this->_string_shift($kdfoptions, $length);
extract(unpack('Nrounds', $this->_string_shift($kdfoptions, 4)));
if (!class_exists('Crypt_AES')) {
include_once 'Crypt/AES.php';
}
$crypto = new Crypt_AES(CRYPT_MODE_CTR);
$crypto->disablePadding();
if (!$crypto->setPassword($this->password, 'bcrypt', $salt, $rounds, 32)) {
return false;
}
break;
default:
return false;
}
extract(unpack('Nlength', $this->_string_shift($decoded, 4)));
if (strlen($decoded) < $length) {
return false;
@ -1628,12 +1661,16 @@ class Crypt_RSA
if (strlen($decoded) < $length) {
return false;
}
$paddedKey = $this->_string_shift($decoded, $length);
if ($this->_string_shift($publicKey, 11) !== "\0\0\0\7ssh-rsa") {
return false;
}
$paddedKey = $this->_string_shift($decoded, $length);
if (isset($crypto)) {
$paddedKey = $crypto->decrypt($paddedKey);
}
$checkint1 = $this->_string_shift($paddedKey, 4);
$checkint2 = $this->_string_shift($paddedKey, 4);
if (strlen($checkint1) != 4 || $checkint1 !== $checkint2) {

54
tests/Unit/Crypt/RSA/LoadKeyTest.php
View File

@ -616,4 +616,58 @@ Private-MAC: d26baf87446604974287b682ed9e0c00ce54e460e1cb719953a81291147b3c59
$this->assertIsString($rsa->getPublicKey());
$this->assertIsString($rsa->getPrivateKey());
}
public function testOpenSSHEncrypted()
{
if (!function_exists('sodium_crypto_pwhash')) {
self::markTestSkipped('sodium_crypto_pwhash() function is not available.');
}
$key = '-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBN2Ff3Kw
SIOWyzRiboPRIhAAAAEAAAAAEAAAGXAAAAB3NzaC1yc2EAAAADAQABAAABgQCpxMxDEG0S
gf8oVUPcoPq34BQtj0WIgSGKa/y+aeNN4c38KdlluTKx53B3MWPCwCIBynfxx/IeFb8mmV
7ojIinKp4nocR0LxWA1+B0A0lQmVOfKhUNScillxxRSNQJTi4UjKyBmj1bU9w7Fp7beNzz
NKcHW9t3iBYZFnzGuatcTWLdkzyBitOemD3duOzI5a9CR7c/MbJdVzC2G4BFCdzRtjYOG5
w2wuofrac4I3fI6NK9d+mePPxKJIwYDyQk5pmG89p7T7M7JdSpQSwiN2ZrkinGfxUJLKsf
4o29rjHSfd/r18rDor2vzpfaQcuR/NFRsPWE1iOx3bPns2bRWt5QYWF5eRZAb2HwSF0w+r
/tKqVkomYALV31K3W8fLw0bMepvyHTrRiSKvwkOTNw58Gr+DQplSpbFJuCKaktrMb3pf/t
jXeAItJnSdBeUAnKNUKv2oxldpT74y1yEpvZPa8nsnHVtB+Xc5Hy1Lr0PMf7FBOXLTpMu5
YNd8myLKhX57sAAAWQV9Znl6fgfCTtrMupyop0n9obvDLTTFMf7FY5NlLc+qxpz9qJ+hgD
l+18OFgGqV85F1OY4wdfVXzkEIYMUWw9F1zDwUOW8Yfpk/IIQiqHSL4zfwXS/e4mG9Sfou
7fzOPflmzCjWZGnVaxmYs2ybdbLEu0sRMWAKbXgWTf/H4jg8qGKxPFJT669RZEUZk3hIGG
CcIdmkOHgMXw+XdX61GE/5/jBPv9GIyTQXLHSsUG4rlF2saBj4QLVBOf6oW7TiVjXvvCm7
jnHFTSS3Kx5yB47GEIzAIRRJEnuPdOR1mJdASX2as96hMw7y4leQnzyJgQ1slIz8na8Z2P
9aR7MYOlaX6/gDNRh2BQlOAxai30iieNSQi2qfuVC3SbpHXf9+yOTva8wfb55WYtm9UQ3R
YxI6HrwjfnD/8EjiXmhbJfLlKfzkM6KDBSEUkOIWxgJBkBhkuXdacv5iSV3dCMnHk3kXOv
2b/B7e7Uc9x6Xva8cXcp//y12rpYXdTXTVYEGnmDVz9U1ITOjI9umAAYNmZgEPoabNb6r4
3cARBPz42hQ4LmILr0JCj5P/0cRzdMrZEumwvXkP3/BuGkj9AjFh2r9WhZ/yCaXVGxzS/b
bySXy1LMgQRbWLwbDOmGqsPn74KpiRgO/IhtXzlOt5+RumqFS7JI8N/qUlMwFcAhO9EsCQ
UBKWN4enVg2Y8vL/mCuFMW9SQR3pNfBL7uqdOFsdtalPC4vzMyUpkd3dUVpkJ2RYc1bEfh
oumUZr0aM+CSscOVwHt8VwKqZ/wBV3ZtL4KL+uy2ko0Ig0ZuBHeK65m2JWETtKJR/sk+DN
bK8MABP+FVXxHaL5UeLQAo9K80UukSwypJgRV4EyvK8fIMoNh8SDlqMi48E1xyucpC1yQX
k+5MuzJL7WbTCudyHOtWcrlGlI6aXE3846fAoejSxp0R57GJZ8i3oocI+hzYT6HvNnsiHq
Nm5hrEC/wNz0U0w/VniXocHwHYbp8VOb3fMfkXPi9eYJqv+WgEHm50D/3ve8Bhsxp5BYaF
va8Wf3Tsy35Bbqx5Z9pF6ZptHHL5D1a5K8o+GfRzsxXzXOKjRz5Sgt/qDZuSJ3HhrdONGF
3oHO+/Brbzfs3hbgJKpzhlXLAxxWsD9qdJKSTdfOXSvu+vDrHPp/V1LSBEWD/ZwIQdEMwK
MZ17sLZqzp1PHOQQPx+ugnCt5OPokG6LR281qQAy0y3OefnYn62DsLMt3DLnbJvr2jtlWi
GA1sAcQqQlWetiD0AszwkhuEhmUxySoGqKFRiKccgLK6DEgRSFLWGS8MiZenFwR+cJ+73L
4WeApHfZeATEY5groZDix+yq3cHT5wY49GHlHPbaikythWMHAJ4FNGsF1tAM06sRUQfsEM
1jXnpuzr+TLNCfP457Ffvf+zuIpQJXjYOgXAzKO2eVXmYygYWGqFGOFeFkM1FN2UXdGAKU
ObHAmXAXUAqXAgjk4fjETG1YSnqolakKIIw2Jn+FdNnuvfgzMwdvz1Do3x84h+SIoVgqvE
A2mgZNWUzFF+0B/1e2a/G6gxsAUXgfuMYe8zycNvhxygINHYgeBRCb4/qJxKBcq3QV1Pip
jGpgScZvefpYEMHqbVy6hsFDIQotzqR0lIg+d4WaxxhsNWVQPXUf/2NtwZjeCJQdlrgi48
MXKJ4PNjqCej6QXswbw7PDwx3jI2HFt/tX/V6PActZtIrpMaekMit87bIr4wAcXNTsuTo3
4zejkH1MMkZA+LRKwhsqcOKzyzSyOvI50IVfF92ViXb1P/7zwdvMSqEghvLooHpcRLDmZB
8t9cFMOs5N2CzmXxKrCVD1Ex45f36/jGmxI5qcKdkulVcuY3yWQra3onzfkCEODGCW5FeG
LrIZULwMa4nI4Y+RkFftEponSYw=
-----END OPENSSH PRIVATE KEY-----
';
$rsa = new Crypt_RSA();
$rsa->setPassword('test');
$this->assertTrue($rsa->loadKey($key));
$this->assertIsString($rsa->getPublicKey());
$this->assertIsString($rsa->getPrivateKey());
}
}