[Bug 2567] New: Wrong terminology used for ssh-keygen "-m" option
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri May 6 05:59:41 AEST 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2567
Bug ID: 2567
Summary: Wrong terminology used for ssh-keygen "-m" option
Product: Portable OpenSSH
Version: 6.6p1
Hardware: Other
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: kazakevichilya at gmail.com
According to "man ssh-config", "-m" support following formats: "PKCS8
(PEM PKCS8 public key)" and "PEM (PEM public key)".
This is not true. First of all they are both PEM (Base64 encoded DER).
And PKCS8 is for *private* keys only. What you call "PKCS8" is
"SubjectPublicKeyInfo" and it is encoded in PEM.
What you call "PEM" is RSA public key encoded in PEM.
People are confused:
http://crypto.stackexchange.com/questions/27913/why-can-ssh-keygen-export-a-public-key-in-pem-pkcs8-format
http://crypto.stackexchange.com/questions/35093/why-ssh-gen-makes-difference-between-pem-and-pkcs8
"PKCS8" is better be called "SubjectPublicKeyInfo" or "AnyPublicKey"
and "PEM" should be "RSAPublicKey" or "RSAEncryption".
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list