detect_private_key: add OpenVPN shared-secret key block
'OpenVPN Static key V1' label is often used by OpenVPN for providing hardening
security with additional HMAC signatures to the SSL/TLS handshake packets. They
are shared secrets and should be kept private.

Signed-off-by: Luís Ferreira <contact@lsferreira.net>
Luís Ferreira committed Oct 2, 2021
1 parent ed8f871 commit 016c620
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions pre_commit_hooks/detect_private_key.py
Expand Up @@ -12,6 +12,7 @@
b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
b'BEGIN PGP PRIVATE KEY BLOCK',
b'BEGIN ENCRYPTED PRIVATE KEY',
b'BEGIN OpenVPN Static key V1',
]


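Review bot: The added entry `b'BEGIN OpenVPN Static key V1'` pins both the mixed-case spelling and the `V1` suffix, while every other entry visible in this hunk is an all-upper-case label, so this pattern only fires on that exact byte sequence. The matching code is not part of the hunk, so please confirm the comparison is case-sensitive on the raw bytes and that this is the literal header you want to catch. A short comment on the entry noting that it is a shared secret rather than an asymmetric private key would also help, since the commit message is currently the only place that explains why it belongs in this list. If other OpenVPN key block labels should be flagged too, they will need their own entries.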
1 change: 1 addition & 0 deletions tests/detect_private_key_test.py
Expand Up @@ -11,6 +11,7 @@
(b'PuTTY-User-Key-File-2: ssh-rsa', 1),
(b'---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----', 1),
(b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1),
(b'-----BEGIN OpenVPN Static key V1-----', 1),
(b'ssh-rsa DATA', 0),
(b'ssh-dsa DATA', 0),
# Some arbitrary binary data
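Review bot: Only a positive case is added here, `(b'-----BEGIN OpenVPN Static key V1-----', 1)`, so nothing pins the boundary of the new pattern. Consider adding a companion case that is expected to return 0, in the style of the existing `(b'ssh-rsa DATA', 0)` rows, for example content that mentions the label text without the `BEGIN` prefix. A second positive case with the header embedded in surrounding file content rather than as the whole input would also show that the hook catches the key when it sits inside a larger file.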