diff --git a/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php b/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php index e5fb276e..96a434c0 100644 --- a/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php +++ b/phpseclib/Crypt/Common/Formats/Keys/OpenSSH.php @@ -202,7 +202,7 @@ abstract class OpenSSH */ protected static function wrapPrivateKey($publicKey, $privateKey, $password, $options) { - if (!empty($password) || is_string($password)) { + if (!empty($password) && is_string($password)) { throw new UnsupportedFormatException('Encrypted OpenSSH private keys are not supported'); } diff --git a/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php b/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php index b908adc1..3cd22d42 100644 --- a/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php +++ b/phpseclib/Crypt/EC/Formats/Keys/MontgomeryPrivate.php @@ -27,6 +27,7 @@ use phpseclib3\Crypt\EC\Curves\Curve448; use phpseclib3\Crypt\EC\BaseCurves\Montgomery as MontgomeryCurve; use phpseclib3\Math\Common\FiniteField\Integer; use phpseclib3\Math\BigInteger; +use phpseclib3\Exception\UnsupportedFormatException; /** * Montgomery Curve Private Key Handler @@ -98,6 +99,10 @@ abstract class MontgomeryPrivate */ public static function savePrivateKey(Integer $privateKey, MontgomeryCurve $curve, array $publicKey, $password = '') { + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('MontgomeryPrivate private keys do not support encryption'); + } + return $privateKey->toBytes(); } } diff --git a/phpseclib/Crypt/EC/Formats/Keys/libsodium.php b/phpseclib/Crypt/EC/Formats/Keys/libsodium.php index 8b7f6f7d..b8be1944 100644 --- a/phpseclib/Crypt/EC/Formats/Keys/libsodium.php +++ b/phpseclib/Crypt/EC/Formats/Keys/libsodium.php @@ -21,6 +21,7 @@ namespace phpseclib3\Crypt\EC\Formats\Keys; use phpseclib3\Crypt\EC\Curves\Ed25519; use phpseclib3\Math\Common\FiniteField\Integer; +use phpseclib3\Exception\UnsupportedFormatException; /** * libsodium Key Handler @@ -113,6 +114,9 @@ abstract class libsodium if (strlen($privateKey->secret) != 32) { throw new \RuntimeException('Private Key secret is not of the correct length'); } + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('libsodium private keys do not support encryption'); + } return $privateKey->secret . $curve->encodePoint($publicKey); } } diff --git a/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php b/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php index 60dff682..06469913 100644 --- a/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php +++ b/phpseclib/Crypt/RSA/Formats/Keys/MSBLOB.php @@ -22,6 +22,7 @@ namespace phpseclib3\Crypt\RSA\Formats\Keys; use ParagonIE\ConstantTime\Base64; use phpseclib3\Math\BigInteger; use phpseclib3\Common\Functions\Strings; +use phpseclib3\Exception\UnsupportedFormatException; /** * Microsoft BLOB Formatted RSA Key Handler @@ -191,6 +192,10 @@ abstract class MSBLOB throw new \InvalidArgumentException('MSBLOB does not support multi-prime RSA keys'); } + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('MSBLOB private keys do not support encryption'); + } + $n = strrev($n->toBytes()); $e = str_pad(strrev($e->toBytes()), 4, "\0"); $key = pack('aavV', chr(self::PRIVATEKEYBLOB), chr(2), 0, self::CALG_RSA_KEYX); diff --git a/phpseclib/Crypt/RSA/Formats/Keys/XML.php b/phpseclib/Crypt/RSA/Formats/Keys/XML.php index 9d3d2822..ef51c783 100644 --- a/phpseclib/Crypt/RSA/Formats/Keys/XML.php +++ b/phpseclib/Crypt/RSA/Formats/Keys/XML.php @@ -24,6 +24,7 @@ namespace phpseclib3\Crypt\RSA\Formats\Keys; use ParagonIE\ConstantTime\Base64; use phpseclib3\Math\BigInteger; +use phpseclib3\Exception\UnsupportedFormatException; /** * XML Formatted RSA Key Handler @@ -136,6 +137,11 @@ abstract class XML if (count($primes) != 2) { throw new \InvalidArgumentException('XML does not support multi-prime RSA keys'); } + + if (!empty($password) && is_string($password)) { + throw new UnsupportedFormatException('XML private keys do not support encryption'); + } + return "\r\n" . ' ' . Base64::encode($n->toBytes()) . "\r\n" . ' ' . Base64::encode($e->toBytes()) . "\r\n" .