Regex pattern too restrictive for SSH keys

Nov 24, 2012 at 1:01 AM

Currently the regex pattern for RSA key files is:

```
^-+ *BEGIN (?<keyName>\w+( \w+)*) PRIVATE KEY *-+\r?\n(Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[A-F0-9]+)\r?\n\r?\n)?(?<data>([a-zA-Z0-9/+=]{1,72}\r?\n)+)-+ *END \k<keyName> PRIVATE KEY *-+
```

I recommend it be changed to:

```
^-+ *BEGIN (?<keyName>\w+( \w+)*) PRIVATE KEY *-+\r?\n(Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[A-F0-9]+)\r?\n\r?\n)?(?<data>([a-zA-Z0-9/+=].*\r?\n)+)-+ *END \k<keyName> PRIVATE KEY *-+
```

The only difference is that the `{1,72}` has been changed to `.*`. In my case (using RightScale) the SSH keys are 77 characters in width. The existing code breaks for such conventional keys, and the length of each row, I assume, shouldn't be hardcoded.
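The width problem described in the post can be reproduced with the two patterns side by side; this is an added example, not code from the post or from the project. It assumes JavaScript's `m` flag behaves like the multiline mode the original pattern runs under, uses constructed key bodies only, and adds a third, hypothetical `strict` variant (`[a-zA-Z0-9/+=]+`) to show that the width limit can be lifted without also accepting non-base64 characters on data lines, which `.*` does.

```javascript
// Added example: constructed data only, no real key material.
const HEAD = String.raw`^-+ *BEGIN (?<keyName>\w+( \w+)*) PRIVATE KEY *-+\r?\n` +
  String.raw`(Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[A-F0-9]+)\r?\n\r?\n)?`;
const TAIL = String.raw`-+ *END \k<keyName> PRIVATE KEY *-+`;

// Only the per-line part of the <data> group differs between the variants.
const DATA_LINE = {
  current:  String.raw`[a-zA-Z0-9/+=]{1,72}\r?\n`, // pattern in use, per the post
  proposed: String.raw`[a-zA-Z0-9/+=].*\r?\n`,     // pattern recommended in the post
  strict:   String.raw`[a-zA-Z0-9/+=]+\r?\n`,      // assumption: any width, base64 characters only
};

function buildPattern(variant) {
  return new RegExp(`${HEAD}(?<data>(${DATA_LINE[variant]})+)${TAIL}`, "m");
}

// The 64 base64 characters, repeated to form a constructed 320-character body.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Build a fake PEM block wrapped at `width`; `extraLine` is inserted as the second data line.
function makePem(width, extraLine = null) {
  const lines = ALPHABET.repeat(5).match(new RegExp(`.{1,${width}}`, "g"));
  if (extraLine !== null) lines.splice(1, 0, extraLine);
  return ["-----BEGIN RSA PRIVATE KEY-----", ...lines,
          "-----END RSA PRIVATE KEY-----"].join("\n") + "\n";
}

function accepts(variant, pem) {
  return buildPattern(variant).test(pem);
}

// Which variants accept a given input, as { current, proposed, strict }.
function report(pem) {
  return Object.fromEntries(Object.keys(DATA_LINE).map((v) => [v, accepts(v, pem)]));
}

console.log("64 wide:        ", report(makePem(64)));
console.log("77 wide:        ", report(makePem(77))); // the width reported in the post
console.log("non-base64 line:", report(makePem(64, "A!! not base64 !!")));
```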