[Bug 1550] Move from 3DES to AES-256 for private key encryption

bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 23 07:56:40 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #6 from Jim Knoble <jmknoble at pobox.com>  2009-01-23 07:56:39 ---
Date: Thu, 22 Jan 2009 14:49:01 -0500
From: Jim Knoble <jmknoble at pobox.com>
To: OpenSSH Devel <openssh-unix-dev at mindrot.org>
Subject: Re: OpenSSH private key encryption: time for AES?
Message-ID: <20090122194901.GB22282 at crawfish.ais.com>
Mail-Followup-To: OpenSSH Devel <openssh-unix-dev at mindrot.org>
References: <20090120060635.GA29074 at crawfish.ais.com>
 <alpine.BSO.1.10.0901201822540.5492 at fuyu.mindrot.org>
 <20090121014237.GD29074 at crawfish.ais.com>
 <alpine.BSO.1.10.0901211509560.5581 at fuyu.mindrot.org>
In-Reply-To: <alpine.BSO.1.10.0901211509560.5581 at fuyu.mindrot.org>

Circa 2009-01-20 23:16 dixit Damien Miller:

: On Tue, 20 Jan 2009, Jim Knoble wrote:
: 
: >     $ cat id_rsa-unencrypted |ssh-add /dev/stdin
: >     $ ssh-add -l |fgrep /dev/stdin
: >     2048 xx:xx:xx:...:xx:xx:xx /dev/stdin (RSA)
: >     $ 
: 
: Does that work without the patch? I don't think it would even with
: the current cipher because it needs to reread the file IIRC.

It's an unpatched ssh-keygen (OpenSSH_4.6p1 Debian-5ubuntu0.6, OpenSSL
0.9.8e 23 Feb 2007).

: > If both operations worked, then one could use an external
: > encryption/decryption facility with one's private keys, e.g.:
: > 
: >     openssl enc -d -in ~/.ssh/id_rsa -aes-256-cbc |ssh-add /dev/stdin
: > 
: > (although it would take a passphrase to remove a key from
: > ssh-agent).
: 
: Wouldn't this just require the former to work? You'd be passing keys
: to ssh-agent in unencrypted form always, no?

Not sure i understand.  The only decryption would happen in the
'openssl | ssh-add' pipeline.  In order to know which key to remove,
ssh-add would need to read the unencrypted key, which would only be
available by decrypting it in the pipeline, supplying a passphrase to
the 'openssl' command.  Currently, 'ssh-add -d' doesn't require a
passphrase for an OpenSSH-encrypted private key.

I like the flexibility of being able to use stdin with ssh-add (and i
would prefer 'ssh-add -' rather than 'ssh-add /dev/stdin', but
whatever).  However, all the above may be moot in light of the
discussion further below.

: The key encryption for SSH protocol 2 keys is done by OpenSSL's PEM
: functions, so AES should be supported by any OpenSSL version that supports
: AES in PEM. IIRC this has been supported for a number of years.

If older OpenSSH (to a point) would "just work" reading private keys
encrypted with AES-256, then that's fantastic, and no need for any
further options to ssh-keygen.

: If we change then it should be to the best encryption that is supported by
: widely deployed SSL/OpenSSH versions.

Agreed.  Private keys are short, and even if decryption happens
frequently, it takes much longer to enter a passphrase than to decrypt
the key (and both decryption and passphrase can be mitigated via
ssh-agent).

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
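
Added example (not part of the original message and not OpenSSH code): a Python check that reads the `Proc-Type`/`DEK-Info` headers OpenSSL's traditional PEM format writes on an encrypted private key and reports which cipher protects it, so keys still stored under 3DES can be found. The sample keys are constructed with placeholder bodies, and the function names and the "flag DES/3DES" policy are assumptions of this example.

```python
import re

# Constructed samples: real header layout, placeholder base64 bodies (not keys).
SAMPLES = {
    "id_rsa_3des": """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----
""",
    "id_rsa_aes": """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF

Q09OU1RSVUNURUQgU0FNUExF
-----END RSA PRIVATE KEY-----
""",
    "id_dsa_plain": """-----BEGIN DSA PRIVATE KEY-----
Q09OU1RSVUNURUQgU0FNUExF
-----END DSA PRIVATE KEY-----
""",
}

PEM_RE = re.compile(r"-----BEGIN (?:RSA|DSA|EC) PRIVATE KEY-----\r?\n(.*?)-----END", re.S)

def pem_key_encryption(pem_text):
    """Return (status, cipher); status is 'encrypted', 'unencrypted' or 'unknown-format'."""
    m = PEM_RE.search(pem_text)
    if not m:
        return ("unknown-format", None)
    headers = {}
    for line in m.group(1).splitlines():
        if ":" not in line:      # blank line or base64 body ends the header block
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return ("unencrypted", None)
    cipher = headers.get("DEK-Info", "").split(",", 1)[0].upper()
    return ("encrypted", cipher or None)

def needs_migration(pem_text):
    """True when the key is encrypted under single DES or 3DES (assumed policy)."""
    status, cipher = pem_key_encryption(pem_text)
    return status == "encrypted" and (cipher or "").startswith("DES-")

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        print(name, pem_key_encryption(pem), "migrate" if needs_migration(pem) else "ok")
```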
