detect_private_key: add OpenVPN shared-secret key block

The 'OpenVPN Static key V1' label is often used by OpenVPN to provide security
hardening with additional HMAC signatures on the SSL/TLS handshake packets. These
keys are shared secrets and should be kept private.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
Luís Ferreira 2021-10-02 20:42:15 +01:00
parent ccdf02dfd4
commit 1b4e30e9aa
No known key found for this signature in database
GPG key ID: 730750D54B7A9F66
2 changed files with 2 additions and 0 deletions


@ -12,6 +12,7 @@ BLACKLIST = [
b'BEGIN SSH2 ENCRYPTED PRIVATE KEY', b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
b'BEGIN PGP PRIVATE KEY BLOCK', b'BEGIN PGP PRIVATE KEY BLOCK',
b'BEGIN ENCRYPTED PRIVATE KEY', b'BEGIN ENCRYPTED PRIVATE KEY',
b'BEGIN OpenVPN Static key V1',
] ]
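Review bot: the added entry `b'BEGIN OpenVPN Static key V1'` is pinned to the full label, including the `V1` suffix and its mixed case, while every other entry visible in this hunk is an upper-case label. If the list is matched as a literal byte substring, which the test case in the second file suggests, only this exact spelling is caught. Either note in the commit message that only the V1 static key block is in scope, or use a shorter shared prefix such as `b'BEGIN OpenVPN'` so other OpenVPN key block labels are caught without another change to this list.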


@ -11,6 +11,7 @@ TESTS = (
(b'PuTTY-User-Key-File-2: ssh-rsa', 1), (b'PuTTY-User-Key-File-2: ssh-rsa', 1),
(b'---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----', 1), (b'---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----', 1),
(b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1), (b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1),
(b'-----BEGIN OpenVPN Static key V1-----', 1),
(b'ssh-rsa DATA', 0), (b'ssh-rsa DATA', 0),
(b'ssh-dsa DATA', 0), (b'ssh-dsa DATA', 0),
# Some arbitrary binary data # Some arbitrary binary data
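Review bot: the only new case, `(b'-----BEGIN OpenVPN Static key V1-----', 1)`, checks the bare armor line and nothing else, so the test does not pin what the new BLACKLIST entry must not match. Add a near-miss that expects 0, for example the label text without `BEGIN`, next to the existing `(b'ssh-rsa DATA', 0)` negatives. A second positive case with the BEGIN line preceded by other content would also help, since the commit message describes these keys as shared secrets used alongside the TLS handshake and they may not be the first line of the file being checked.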