putty-key 1.0.1 → 1.1.1

data/test/ppk_test.rb

@@ -16,18 +16,39 @@ class PPKTest < Minitest::Test
     assert_nil(ppk.private_blob)
   end
 
-  def test_initialize_invalid_format
-    [1,3].each do |format|
-      assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(fixture_path("test-invalid-format-#{format}.ppk")) }
+  def test_initialize_invalid_format_too_old
+    format = PuTTY::Key::PPK::MINIMUM_FORMAT - 1
+    error = assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(fixture_path("test-invalid-format-#{format}.ppk")) }
+    assert_equal("The ppk file is using an old unsupported format (#{format})", error.message)
+  end
+
+  def test_initialize_invalid_format_too_new
+    format = PuTTY::Key::PPK::MAXIMUM_FORMAT + 1
+    error = assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(fixture_path("test-invalid-format-#{format}.ppk")) }
+    assert_equal("The ppk file is using a format that is too new (#{format})", error.message)
+  end
+
+  [:encryption_type, :key_derivation, :argon2_memory, :argon2_memory_maximum,
+    :argon2_passes, :argon2_passes_maximum, :argon2_parallelism,
+    :argon2_parallelism_maximum, :argon2_salt
+  ].each do |feature|
+    define_method("test_initialize_invalid_#{feature}") do
+      path = fixture_path("test-invalid-#{feature.to_s.gsub('_', '-')}.ppk")
+      assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(path, 'Test Passphrase') }
     end
   end
 
-  def test_initialize_invalid_encryption_type
-    assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(fixture_path('test-invalid-encryption-type.ppk')) }
+  [:private_mac, :blob_lines].each do |feature|
+    define_method("test_initialize_invalid_#{feature}") do
+      path = fixture_path("test-invalid-#{feature.to_s.gsub('_', '-')}.ppk")
+      assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(path) }
+    end
   end
 
-  def test_initialize_invalid_private_mac
-    assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(fixture_path('test-invalid-private-mac.ppk')) }
+  def test_initialize_invalid_argon2_memory_for_libargon2
+    # Allowed by Argon2Params, but not by libargon2.
+    path = fixture_path("test-invalid-argon2-memory-for-libargon2.ppk")
+    assert_raises(PuTTY::Key::Argon2Error) { PuTTY::Key::PPK.new(path, 'Test Passphrase') }
   end
 
   def test_initialize_file_not_exists
@@ -44,30 +65,51 @@ class PPKTest < Minitest::Test
     assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(fixture_path('test-truncated.ppk')) }
   end
 
-  def test_initialize_invalid_blob_lines
-    assert_raises(PuTTY::Key::FormatError) { PuTTY::Key::PPK.new(fixture_path('test-invalid-blob-lines.ppk')) }
-  end
-
-  def assert_test_ppk_properties(ppk, comment: TEST_COMMENT, encrypted: false)
+  def assert_test_ppk_properties(ppk, comment: TEST_COMMENT, public_blob: TEST_PUBLIC_BLOB, private_blob: TEST_PRIVATE_BLOB, encrypted: false)
     assert_equal(Encoding::ASCII_8BIT, ppk.algorithm.encoding)
     assert_equal(Encoding::ASCII_8BIT, ppk.comment.encoding)
     assert_equal(Encoding::ASCII_8BIT, ppk.public_blob.encoding)
     assert_equal(Encoding::ASCII_8BIT, ppk.private_blob.encoding)
     assert_equal('test'.b, ppk.algorithm)
     assert_equal(comment, ppk.comment)
-    assert_equal(TEST_PUBLIC_BLOB, ppk.public_blob)
+    assert_equal(public_blob, ppk.public_blob)
 
     if encrypted
       # When loading an encrypted ppk file, the padding added to the private blob cannot be removed.
-      assert(ppk.private_blob.start_with?(TEST_PRIVATE_BLOB), "Private blob does not start with #{TEST_PRIVATE_BLOB}")
+      assert(ppk.private_blob.start_with?(private_blob), "Private blob does not start with #{TEST_PRIVATE_BLOB}")
     else
-      assert_equal(TEST_PRIVATE_BLOB, ppk.private_blob)
+      assert_equal(private_blob, ppk.private_blob)
     end
   end
 
-  def test_initialize_unencrypted
-    ppk = PuTTY::Key::PPK.new(fixture_path('test.ppk'))
-    assert_test_ppk_properties(ppk)
+  [2, 3].each do |format|
+    define_method("test_initialize_unencrypted_format_#{format}") do
+      ppk = PuTTY::Key::PPK.new(fixture_path("test-format-#{format}.ppk"))
+      assert_test_ppk_properties(ppk)
+    end
+
+    define_method("test_initialize_encrypted_format_#{format}") do
+      ppk = PuTTY::Key::PPK.new(fixture_path("test-encrypted-format-#{format}.ppk"), 'Test Passphrase')
+      assert_test_ppk_properties(ppk, encrypted: true)
+    end
+
+    define_method("test_initialize_encrypted_no_passphrase_#{format}") do
+      path = fixture_path("test-encrypted-format-#{format}.ppk")
+      assert_raises(ArgumentError) { PuTTY::Key::PPK.new(path) }
+    end
+
+    define_method("test_initialize_encrypted_incorrect_passphrase_#{format}") do
+      path = fixture_path("test-encrypted-format-#{format}.ppk")
+      assert_raises(ArgumentError) { PuTTY::Key::PPK.new(path, 'Not Test Passphrase') }
+    end
+  end
+
+  # type-d and type-i fixtures also use different Argon2 parameters.
+  [:d, :i].each do |type|
+    define_method("test_initialize_encrypted_format_3_type_#{type}") do
+      ppk = PuTTY::Key::PPK.new(fixture_path("test-encrypted-type-#{type}-format-3.ppk"), 'Test Passphrase')
+      assert_test_ppk_properties(ppk, encrypted: true)
+    end
   end
 
   def test_initialize_blank_comment
@@ -75,27 +117,56 @@ class PPKTest < Minitest::Test
     assert_test_ppk_properties(ppk, comment: ''.b)
   end
 
-  def test_initialize_encrypted
-    ppk = PuTTY::Key::PPK.new(fixture_path('test-encrypted.ppk'), 'Test Passphrase')
-    assert_test_ppk_properties(ppk, encrypted: true)
+  def test_initialize_empty_blobs
+    ppk = PuTTY::Key::PPK.new(fixture_path('test-empty-blobs.ppk'))
+    assert_test_ppk_properties(ppk, public_blob: ''.b, private_blob: ''.b, encrypted: true)
   end
 
-  def test_initialize_encrypted_no_passphrase
-    assert_raises(ArgumentError) { PuTTY::Key::PPK.new(fixture_path('test-encrypted.ppk')) }
+  def test_initialize_empty_blobs_encrypted
+    ppk = PuTTY::Key::PPK.new(fixture_path('test-empty-blobs-encrypted.ppk'), 'Test Passphrase')
+    assert_test_ppk_properties(ppk, public_blob: ''.b, private_blob: ''.b, encrypted: true)
   end
 
-  def test_initialize_encrypted_incorrect_passphrase
-    assert_raises(ArgumentError) { PuTTY::Key::PPK.new(fixture_path('test-encrypted.ppk'), 'Not Test Passphrase') }
+  def test_initialize_missing_final_line_ending
+    ppk = PuTTY::Key::PPK.new(fixture_path('test-missing-final-line-ending.ppk'))
+    assert_test_ppk_properties(ppk)
   end
 
   def test_initialize_pathname
-    ppk = PuTTY::Key::PPK.new(Pathname.new(fixture_path('test.ppk')))
+    ppk = PuTTY::Key::PPK.new(Pathname.new(fixture_path('test-format-2.ppk')))
     assert_test_ppk_properties(ppk)
   end
 
-  def test_initialize_unix_line_endings
-    ppk = PuTTY::Key::PPK.new(fixture_path('test-unix-line-endings.ppk'))
-    assert_test_ppk_properties(ppk)
+  def test_initialize_from_io_with_getbyte
+    File.open(fixture_path('test-format-2.ppk'), 'rb') do |file|
+      reader = TestReaderWithGetbyte.new(file)
+      ppk = PuTTY::Key::PPK.new(reader)
+      assert_test_ppk_properties(ppk)
+    end
+  end
+
+  def test_initialize_from_io_with_read
+    File.open(fixture_path('test-format-2.ppk'), 'rb') do |file|
+      reader = TestReaderWithRead.new(file)
+      ppk = PuTTY::Key::PPK.new(reader)
+      assert_test_ppk_properties(ppk)
+    end
+  end
+
+  def test_initialize_from_io_with_binmode
+    File.open(fixture_path('test-format-2.ppk'), 'r') do |file|
+      reader = TestReaderWithBinmode.new(file)
+      ppk = PuTTY::Key::PPK.new(reader)
+      assert_equal(1, reader.binmode_calls)
+      assert_test_ppk_properties(ppk)
+    end
+  end
+
+  %w(legacy_mac windows).each do |type|
+    define_method("test_initialize_#{type}_line_endings") do
+      ppk = PuTTY::Key::PPK.new(fixture_path("test-#{type.gsub('_', '-')}-line-endings.ppk"))
+      assert_test_ppk_properties(ppk)
+    end
   end
 
   def create_test_ppk
@@ -140,10 +211,10 @@ class PPKTest < Minitest::Test
     end
   end
 
-  def test_save_format_not_supported
-    ppk = create_test_ppk
-    temp_file_name do |file|
-      [1,3].each do |format|
+  [PuTTY::Key::PPK::MINIMUM_FORMAT - 1, PuTTY::Key::PPK::MAXIMUM_FORMAT + 1].each do |format|
+    define_method("test_save_format_#{format}_not_supported") do
+      ppk = create_test_ppk
+      temp_file_name do |file|
         assert_raises(ArgumentError) { ppk.save(file, 'Test Passphrase', format: format) }
       end
     end
@@ -180,27 +251,93 @@ class PPKTest < Minitest::Test
     end
   end
 
-  def test_save_unencrypted
+  [2, 3].each do |format|
+    define_method("test_save_unencrypted_format_#{format}") do
+      ppk = create_test_ppk
+      temp_file_name do |file|
+        ppk.save(file, format: format)
+        assert_identical_to_fixture("test-format-#{format}.ppk", file)
+      end
+    end
+
+    define_method("test_save_passphrase_empty_format_#{format}") do
+      ppk = create_test_ppk
+      temp_file_name do |file|
+        ppk.save(file, '', format: format)
+        assert_identical_to_fixture("test-format-#{format}.ppk", file)
+      end
+    end
+
+    define_method("test_save_encrypted_format_#{format}") do
+      ppk = create_test_ppk
+      temp_file_name do |file|
+        ppk.save(file, 'Test Passphrase', format: format, argon2_params: PuTTY::Key::Argon2Params.new(passes: 8, salt: "\x7d\x5d\x45\x57\xc5\x56\x3a\x5b\x50\x09\xe1\x45\x2c\x51\x8e\x04".b))
+        assert_identical_to_fixture("test-encrypted-format-#{format}.ppk", file)
+      end
+    end
+  end
+
+  # type_d and type_i tests cover other Argon2 parameters too.
+  def test_save_encrypted_type_d_format_3
     ppk = create_test_ppk
     temp_file_name do |file|
-      ppk.save(file)
-      assert_identical_to_fixture('test.ppk', file)
+      ppk.save(file, 'Test Passphrase', format: 3, argon2_params: PuTTY::Key::Argon2Params.new(type: :d, memory: 4096, passes: 9, salt: "\xbc\x44\x19\x1a\xa9\x26\x73\xa5\xc0\x54\x3f\x37\x36\x33\xdd\xf4".b ))
+      assert_identical_to_fixture("test-encrypted-type-d-format-3.ppk", file)
     end
   end
 
-  def test_save_passphrase_empty
+  def test_save_encrypted_type_i_format_3
     ppk = create_test_ppk
     temp_file_name do |file|
-      ppk.save(file, '')
-      assert_identical_to_fixture('test.ppk', file)
+      ppk.save(file, 'Test Passphrase', format: 3, argon2_params: PuTTY::Key::Argon2Params.new(type: :i, memory: 2048, passes: 5, parallelism: 3, salt: "\xbd\x5e\x3d\x94\x03\xec\x37\x41\x8b\xa5\xae\x1d\x11\x6f\xa9\x75".b ))
+      assert_identical_to_fixture("test-encrypted-type-i-format-3.ppk", file)
     end
   end
 
-  def test_save_encrypted
+  def get_field(file, name)
+    line = File.readlines(file, mode: 'rb').find {|l| l.start_with?("#{name}: ")}
+    line && line.byteslice(name.bytesize + 2, line.bytesize - name.bytesize - 2).chomp("\n")
+  end
+
+  def test_save_chooses_random_salt
     ppk = create_test_ppk
     temp_file_name do |file|
-      ppk.save(file, 'Test Passphrase')
-      assert_identical_to_fixture('test-encrypted.ppk', file)
+      ppk.save(file, 'Test Passphrase', format: 3)
+      salt1 = get_field(file, 'Argon2-Salt')
+      assert_match(/\A[0-9a-f]{32}\z/, salt1)
+
+      File.unlink(file)
+      ppk.save(file, 'Test Passphrase', format: 3)
+      salt2 = get_field(file, 'Argon2-Salt')
+      assert_match(/\A[0-9a-f]{32}\z/, salt2)
+
+      refute_equal(salt1, salt2)
+    end
+  end
+
+  def test_save_calculates_passes_required_for_time
+    ppk = create_test_ppk
+    temp_file_name do |file|
+      ppk.save(file, 'Test Passphrase', format: 3, argon2_params: PuTTY::Key::Argon2Params.new(desired_time: 0))
+      passes = get_field(file, 'Argon2-Passes').to_i
+      initial_passes = passes
+
+      100.step(by: 100, to: 1000) do |desired_time|
+        File.unlink(file)
+        ppk.save(file, 'Test Passphrase', format: 3, argon2_params: PuTTY::Key::Argon2Params.new(desired_time: desired_time))
+        passes = get_field(file, 'Argon2-Passes').to_i
+        break if passes > initial_passes
+      end
+
+      assert(passes > initial_passes)
+    end
+  end
+
+  def test_save_raises_error_if_libargon2_rejects_parameters
+    ppk = create_test_ppk
+    temp_file_name do |file|
+      argon2_params = PuTTY::Key::Argon2Params.new(memory: 1)
+      assert_raises(PuTTY::Key::Argon2Error) { ppk.save(file, 'Test Passphrase', format: 3, argon2_params: argon2_params) }
     end
   end
 
@@ -222,11 +359,91 @@ class PPKTest < Minitest::Test
     end
   end
 
+  def test_save_empty_blobs
+    ppk = create_test_ppk
+    ppk.public_blob = ''.b
+    ppk.private_blob = ''.b
+    temp_file_name do |file|
+      ppk.save(file)
+      assert_identical_to_fixture('test-empty-blobs.ppk', file)
+    end
+  end
+
+  def test_save_empty_blobs_encrypted
+    ppk = create_test_ppk
+    ppk.public_blob = ''.b
+    ppk.private_blob = ''.b
+    temp_file_name do |file|
+      ppk.save(file, 'Test Passphrase')
+      assert_identical_to_fixture('test-empty-blobs-encrypted.ppk', file)
+    end
+  end
+
+  def get_blob(file, name)
+    lines = File.readlines(file, mode: 'rb')
+    index = lines.find_index {|l| l.start_with?("#{name}-Lines: ")}
+    return nil unless index
+    line = lines[index]
+    count = line.byteslice(name.bytesize + 8, line.bytesize - name.bytesize - 2).chomp("\n").to_i
+    blob_lines = lines[index + 1, count]
+    blob_lines.join("\n").unpack('m48').first
+  end
+
+  [[0, 0], [15, 1], [16, 0], [17, 15], [18, 14], [30, 2], [31, 1], [32, 0]].each do |length, needed|
+    define_method("test_save_encrypted_pads_private_blob_of_length_#{length}_to_multiple_of_block_size_with_sha1") do
+      private_blob = "\0".b * length
+      ppk = create_test_ppk
+      ppk.private_blob = private_blob
+
+      temp_file_name do |file|
+        ppk.save(file, 'Test Passphrase')
+        encrypted_padded_private_blob = get_blob(file, 'Private')
+        assert_equal(length + needed, encrypted_padded_private_blob.bytesize)
+        assert_equal(private_blob, ppk.private_blob)
+
+        loaded_ppk = PuTTY::Key::PPK.new(file, 'Test Passphrase')
+        assert_equal(length + needed, loaded_ppk.private_blob.bytesize)
+
+        if needed == 0
+          assert_equal(private_blob, loaded_ppk.private_blob)
+        else
+          assert_equal(private_blob, loaded_ppk.private_blob.byteslice(0, length))
+          padding = loaded_ppk.private_blob.byteslice(length, needed)
+          expected_padding = OpenSSL::Digest::SHA1.new(private_blob).digest.byteslice(0, needed)
+          assert_equal(expected_padding, padding)
+        end
+      end
+    end
+  end
+
   def test_save_pathname
     ppk = create_test_ppk
     temp_file_name do |file|
       ppk.save(Pathname.new(file))
-      assert_identical_to_fixture('test.ppk', file)
+      assert_identical_to_fixture('test-format-2.ppk', file)
+    end
+  end
+
+  def test_save_to_io
+    ppk = create_test_ppk
+    temp_file_name do |file_name|
+      File.open(file_name, 'wb') do |file|
+        writer = TestWriter.new(file)
+        ppk.save(writer)
+      end
+      assert_identical_to_fixture('test-format-2.ppk', file_name)
+    end
+  end
+
+  def test_save_to_io_with_binmode
+    ppk = create_test_ppk
+    temp_file_name do |file_name|
+      File.open(file_name, 'w') do |file|
+        writer = TestWriterWithBinmode.new(file)
+        ppk.save(writer)
+        assert_equal(1, writer.binmode_calls)
+      end
+      assert_identical_to_fixture('test-format-2.ppk', file_name)
     end
   end
 
@@ -235,7 +452,7 @@ class PPKTest < Minitest::Test
     temp_file_name do |file|
       File.open(file, 'w') { |f| f.write('not test.ppk') }
       ppk.save(file)
-      assert_identical_to_fixture('test.ppk', file)
+      assert_identical_to_fixture('test-format-2.ppk', file)
     end
   end
 
@@ -246,4 +463,68 @@ class PPKTest < Minitest::Test
       assert_equal(File.size(file), result)
     end
   end
+
+  module BinmodeCallsTest
+    def binmode
+      if instance_variable_defined?(:@binmode_calls)
+        @binmode_calls += 1
+      else
+        @binmode_calls = 1
+      end
+      @io.binmode
+      self
+    end
+
+    def binmode_calls
+      instance_variable_defined?(:@binmode_calls) ? @binmode_calls : 0
+    end
+  end
+
+  class TestReaderWithGetbyte
+    def initialize(io)
+      @io = io
+    end
+
+    def getbyte(*args)
+      @io.getbyte(*args)
+    end
+  end
+
+  class TestReaderWithRead
+    def initialize(io)
+      @io = io
+    end
+
+    def read(*args)
+      @io.read(*args)
+    end
+  end
+
+  class TestReaderWithBinmode < TestReaderWithGetbyte
+    include BinmodeCallsTest
+
+    def getbyte(*args)
+      raise 'binmode must be called before getbyte' unless binmode_calls > 0
+      super
+    end
+  end
+
+  class TestWriter
+    def initialize(io)
+      @io = io
+    end
+
+    def write(*args)
+      @io.write(*args)
+    end
+  end
+
+  class TestWriterWithBinmode < TestWriter
+    include BinmodeCallsTest
+
+    def write(*args)
+      raise 'binmode must be called before write' unless binmode_calls > 0
+      super
+    end
+  end
 end

data/test/test_helper.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'putty/key'
+
 TEST_TYPE = (ENV['TEST_TYPE'] || 'refinement').to_sym
 raise "Unrecognized TEST_TYPE: #{TEST_TYPE}" unless [:refinement, :global].include?(TEST_TYPE)
 
@@ -15,6 +17,13 @@ if TEST_COVERAGE
     "#{object.respond_to?(method) ? '' : 'no_'}#{Regexp.escape(object.class.name.downcase.gsub('::', '_'))}_#{Regexp.escape(method)}"
   end
 
+  feature_support = [
+    ['openssl3', PuTTY::Key::OpenSSL.const_get(:Version).openssl?(3)],
+    ['refinement_class', defined?(Refinement)]
+  ].map do |feature, available|
+    "#{available ? '' : 'no_'}#{feature}"
+  end
+
   SimpleCov.command_name TEST_TYPE.to_s
 
   SimpleCov.formatters = [
@@ -23,13 +32,11 @@ if TEST_COVERAGE
 
   SimpleCov.start do
     add_filter 'test'
-    nocov_token "nocov_(#{method_support.join('|')})"
+    nocov_token "nocov_(#{(method_support + feature_support).join('|')})"
     project_name 'PuTTY::Key'
   end
 end
 
-require 'putty/key'
-
 require 'fileutils'
 require 'minitest/autorun'
 require 'tmpdir'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: putty-key
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.1
 platform: ruby
 authors:
 - Philip Ross
@@ -29,10 +29,24 @@ cert_chain:
   J3Zn/kSTjTekiaspyGbczC3PUaeJNxr+yCvR4sk71Xmk/GaKKGOHedJ1uj/LAXrA
   MR0mpl7b8zCg0PFC1J73uw==
   -----END CERTIFICATE-----
-date: 2019-12-26 00:00:00.000000000 Z
-dependencies: []
+date: 2022-10-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 description: |
-  PuTTY::Key is a pure-Ruby implementation of the PuTTY private key (ppk) format,
+  PuTTY::Key is a Ruby implementation of the PuTTY private key (ppk) format,
   handling reading and writing .ppk files. It includes a refinement to Ruby's
   OpenSSL library to add support for converting DSA, EC and RSA private keys to
   and from PuTTY private key files. This allows OpenSSH ecdsa, ssh-dss and ssh-rsa
@@ -52,38 +66,68 @@ files:
 - README.md
 - Rakefile
 - lib/putty/key.rb
+- lib/putty/key/argon2_params.rb
 - lib/putty/key/error.rb
+- lib/putty/key/libargon2.rb
 - lib/putty/key/openssl.rb
 - lib/putty/key/ppk.rb
 - lib/putty/key/util.rb
 - lib/putty/key/version.rb
 - putty-key.gemspec
-- test/fixtures/dss-1024-encrypted.ppk
+- test/argon2_params_test.rb
+- test/fixtures/dss-1024-encrypted-format-2.ppk
+- test/fixtures/dss-1024-encrypted-format-3.ppk
+- test/fixtures/dss-1024-format-2.ppk
+- test/fixtures/dss-1024-format-3.ppk
 - test/fixtures/dss-1024.pem
-- test/fixtures/dss-1024.ppk
 - test/fixtures/ecdsa-secp256k1.pem
-- test/fixtures/ecdsa-sha2-nistp256-encrypted.ppk
+- test/fixtures/ecdsa-sha2-nistp256-encrypted-format-2.ppk
+- test/fixtures/ecdsa-sha2-nistp256-encrypted-format-3.ppk
+- test/fixtures/ecdsa-sha2-nistp256-format-2.ppk
+- test/fixtures/ecdsa-sha2-nistp256-format-3.ppk
 - test/fixtures/ecdsa-sha2-nistp256.pem
-- test/fixtures/ecdsa-sha2-nistp256.ppk
-- test/fixtures/ecdsa-sha2-nistp384-encrypted.ppk
+- test/fixtures/ecdsa-sha2-nistp384-encrypted-format-2.ppk
+- test/fixtures/ecdsa-sha2-nistp384-encrypted-format-3.ppk
+- test/fixtures/ecdsa-sha2-nistp384-format-2.ppk
+- test/fixtures/ecdsa-sha2-nistp384-format-3.ppk
 - test/fixtures/ecdsa-sha2-nistp384.pem
-- test/fixtures/ecdsa-sha2-nistp384.ppk
-- test/fixtures/ecdsa-sha2-nistp521-encrypted.ppk
+- test/fixtures/ecdsa-sha2-nistp521-encrypted-format-2.ppk
+- test/fixtures/ecdsa-sha2-nistp521-encrypted-format-3.ppk
+- test/fixtures/ecdsa-sha2-nistp521-format-2.ppk
+- test/fixtures/ecdsa-sha2-nistp521-format-3.ppk
 - test/fixtures/ecdsa-sha2-nistp521.pem
-- test/fixtures/ecdsa-sha2-nistp521.ppk
-- test/fixtures/rsa-2048-encrypted.ppk
+- test/fixtures/rsa-2048-encrypted-format-2.ppk
+- test/fixtures/rsa-2048-encrypted-format-3.ppk
+- test/fixtures/rsa-2048-format-2.ppk
+- test/fixtures/rsa-2048-format-3.ppk
 - test/fixtures/rsa-2048.pem
-- test/fixtures/rsa-2048.ppk
 - test/fixtures/test-blank-comment.ppk
-- test/fixtures/test-encrypted.ppk
+- test/fixtures/test-empty-blobs-encrypted.ppk
+- test/fixtures/test-empty-blobs.ppk
+- test/fixtures/test-encrypted-format-2.ppk
+- test/fixtures/test-encrypted-format-3.ppk
+- test/fixtures/test-encrypted-type-d-format-3.ppk
+- test/fixtures/test-encrypted-type-i-format-3.ppk
+- test/fixtures/test-format-2.ppk
+- test/fixtures/test-format-3.ppk
+- test/fixtures/test-invalid-argon2-memory-for-libargon2.ppk
+- test/fixtures/test-invalid-argon2-memory-maximum.ppk
+- test/fixtures/test-invalid-argon2-memory.ppk
+- test/fixtures/test-invalid-argon2-parallelism-maximum.ppk
+- test/fixtures/test-invalid-argon2-parallelism.ppk
+- test/fixtures/test-invalid-argon2-passes-maximum.ppk
+- test/fixtures/test-invalid-argon2-passes.ppk
+- test/fixtures/test-invalid-argon2-salt.ppk
 - test/fixtures/test-invalid-blob-lines.ppk
 - test/fixtures/test-invalid-encryption-type.ppk
 - test/fixtures/test-invalid-format-1.ppk
-- test/fixtures/test-invalid-format-3.ppk
+- test/fixtures/test-invalid-format-4.ppk
+- test/fixtures/test-invalid-key-derivation.ppk
 - test/fixtures/test-invalid-private-mac.ppk
+- test/fixtures/test-legacy-mac-line-endings.ppk
+- test/fixtures/test-missing-final-line-ending.ppk
 - test/fixtures/test-truncated.ppk
-- test/fixtures/test-unix-line-endings.ppk
-- test/fixtures/test.ppk
+- test/fixtures/test-windows-line-endings.ppk
 - test/openssl_test.rb
 - test/ppk_test.rb
 - test/test_helper.rb
@@ -92,7 +136,12 @@ files:
 homepage: https://github.com/philr/putty-key
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/philr/putty-key/issues
+  changelog_uri: https://github.com/philr/putty-key/blob/master/CHANGES.md
+  documentation_uri: https://rubydoc.info/gems/putty-key/1.1.1
+  homepage_uri: https://github.com/philr/putty-key
+  source_code_uri: https://github.com/philr/putty-key/tree/v1.1.1
 post_install_message: 
 rdoc_options:
 - "--title"
@@ -113,10 +162,11 @@ required_rubygems_version: !ruby/object:Gem::Requirement
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
-requirements: []
-rubygems_version: 3.1.2
+requirements:
+- libargon2 to handle format 3 .ppk files
+rubygems_version: 3.3.7
 signing_key: 
 specification_version: 4
-summary: Reads and writes PuTTY private key (.ppk) files. Refines OpenSSL::PKey to
-  allow key conversion.
+summary: PuTTY private key (.ppk) library. Supports reading and writing with a refinement
+  to OpenSSL::PKey to allow key conversion.
 test_files: []