detect_private_key: add textual version of `PKCS #8` encrypted private keys
As described by RFC7468 and RFC5958, keys that are encoded using the "ENCRYPTED
PRIVATE KEY" label are described as private key information and therefore can
contain secrets, even though encrypted.
Signed-off-by: Luís Ferreira <contact@lsferreira.net>
diff --git a/pre_commit_hooks/detect_private_key.py b/pre_commit_hooks/detect_private_key.py
index 7bbc2f9..bd1f296 100644
--- a/pre_commit_hooks/detect_private_key.py
+++ b/pre_commit_hooks/detect_private_key.py
@@ -11,6 +11,7 @@
b'PuTTY-User-Key-File-2',
b'BEGIN SSH2 ENCRYPTED PRIVATE KEY',
b'BEGIN PGP PRIVATE KEY BLOCK',
+ b'BEGIN ENCRYPTED PRIVATE KEY',
]
diff --git a/tests/detect_private_key_test.py b/tests/detect_private_key_test.py
index 7281000..9495047 100644
--- a/tests/detect_private_key_test.py
+++ b/tests/detect_private_key_test.py
@@ -10,6 +10,7 @@
(b'-----BEGIN OPENSSH PRIVATE KEY-----', 1),
(b'PuTTY-User-Key-File-2: ssh-rsa', 1),
(b'---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----', 1),
+ (b'-----BEGIN ENCRYPTED PRIVATE KEY-----', 1),
(b'ssh-rsa DATA', 0),
(b'ssh-dsa DATA', 0),
# Some arbitrary binary data
