[Bug 2567] New: Wrong terminology used for ssh-keygen "-m" option

bugzilla-daemon at bugzilla.mindrot.org
Fri May 6 05:59:41 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2567

            Bug ID: 2567
           Summary: Wrong terminology used for ssh-keygen "-m" option
           Product: Portable OpenSSH
           Version: 6.6p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: kazakevichilya at gmail.com

According to "man ssh-config", "-m" supports the following formats: "“PKCS8”
(PEM PKCS8 public key)" and "“PEM” (PEM public key)".

This is not true. First of all, they are both PEM (Base64 encoded DER).
And PKCS8 is for *private* keys only. What you call "PKCS8" is
"SubjectPublicKeyInfo" and it is encoded in PEM.

What you call "PEM" is an RSA public key encoded in PEM.

People are confused:
http://crypto.stackexchange.com/questions/27913/why-can-ssh-keygen-export-a-public-key-in-pem-pkcs8-format

http://crypto.stackexchange.com/questions/35093/why-ssh-gen-makes-difference-between-pem-and-pkcs8


"PKCS8" would better be called "SubjectPublicKeyInfo" or "AnyPublicKey"
and "PEM" should be "RSAPublicKey" or "RSAEncryption".

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
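
The distinction the report draws, as an added example that is not part of the original report or of OpenSSH: for an RSA key, "ssh-keygen -e -m PEM" emits a "BEGIN RSA PUBLIC KEY" block and "-m PKCS8" a "BEGIN PUBLIC KEY" block, and the sketch below classifies each by its ASN.1 shape rather than by its label. The helper names and the key values are assumptions constructed for illustration.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def tlv(tag, body):  # DER-encode one tag/length/value element
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def der_int(v):  # positive INTEGER; leading zero byte when the top bit is set
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def read_all(buf):
    """Split a DER buffer into a list of (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(buf):
        tag, n, pos = buf[pos], buf[pos + 1], pos + 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            k = n & 0x7F
            n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        out.append((tag, buf[pos:pos + n]))
        pos += n
    return out

def pem(label, der):
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])

def unpem(text):
    return base64.b64decode("".join(text.strip().splitlines()[1:-1]))

def classify(der):
    """Name the ASN.1 structure by its shape, not by the PEM label."""
    fields = read_all(read_all(der)[0][1])
    tags = [t for t, _ in fields]
    if tags == [0x02, 0x02]:  # INTEGER modulus, INTEGER publicExponent
        return "RSAPublicKey"
    # AlgorithmIdentifier + BIT STRING; only the RSA algorithm is handled here
    if tags == [0x30, 0x03] and read_all(fields[0][1])[0] == (0x06, RSA_OID):
        return "SubjectPublicKeyInfo(" + classify(fields[1][1][1:]) + ")"
    return "unknown"

# Constructed placeholder values, not a usable key.
N, E = int("c3" * 128, 16), 65537
PKCS1 = tlv(0x30, der_int(N) + der_int(E))
SPKI = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + PKCS1))
PEM_FORMAT = pem("RSA PUBLIC KEY", PKCS1)  # label used for "-m PEM"
PKCS8_FORMAT = pem("PUBLIC KEY", SPKI)     # label used for "-m PKCS8"
```

Both blocks are PEM armor around DER; the second simply wraps the first inside a BIT STRING behind an algorithm identifier.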