[Bug 2366] ssh-keygen doesn't correctly decode new format GCM-encrypted keys

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Apr 24 14:59:33 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2366

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2360
                 CC|                            |djm at mindrot.org

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
We didn't originally include support for the AEAD ciphers because we
couldn't come to a decision on whether the non-encrypted part of the
key should be included as "additional authenticated data".

Since we can't undo the wrapping of the encrypted part of the key
without peeking at the unencrypted data anyway, I think it makes sense
not to.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list