Private key parsing with regex

[enricobenedos]

Hi,
I'm trying to solve an Invalid private key file. exception thrown on a docker container environment after the private key variable injection with Azure DevOps pipeline.

That's the flow:

• Set a new secret variable using pipeline variable groups and plain copy private key from the source
• In the pipeline file pass the variable as env
• Map it in docker command or docker compose

At runtime you obtain an inline private key that unfortunately doesn't match the regex pattern at

SSH.NET/src/Renci.SshNet/PrivateKeyFile.cs

Line 113 in 5b8382d

private const string PrivateKeyPattern = @"^-+ *BEGIN (?<keyName>\w+( \w+)*) *-+\r?\n((Proc-Type: 4,ENCRYPTED\r?\nDEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[a-fA-F0-9]+)\r?\n\r?\n)|(Comment: ""?[^\r\n]*""?\r?\n))?(?<data>([a-zA-Z0-9/+=]{1,80}\r?\n)+)(\r?\n)?-+ *END \k<keyName> *-+";

but it is a valid key, in fact in other projects we use the same pipeline pattern, so the same inline key, with native library code and it works

var rsa = RSA.Create();
rsa.ImportFromPem(signinKey.ToCharArray());

Do you know a workaround about that? Is it possible to improve this feature to support inline keys?

[Rob-Hague]

What does the key look like? E.g. what is the first line, or why isn't it matching the regex?

[enricobenedos]

It looks like that
-----BEGIN PRIVATE KEY----- RandomCharacters
but it works only like that
-----BEGIN PRIVATE KEY-----\nRandomCharacters

obviously that can be considered an issue related only to how Azure DevOps injects or maybe stores secret variables once pasted on the dedicated field.

My question starts from another app behaviour that simply works and recognize a key like in first example as valid using the framework RSA class.