[Bug 2699] New: PKCS#8 private keys with AES-128-CBC stopped working

bugzilla-daemon at bugzilla.mindrot.org
Sun Mar 26 02:24:49 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2699

            Bug ID: 2699
           Summary: PKCS#8 private keys with AES-128-CBC stopped working
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: peter at lekensteyn.nl

In older OpenSSH versions, the key derivation method was quite weak,
but the encryption method could be changed (see
https://security.stackexchange.com/a/39293). Basically:
openssl pkcs8 -topk8 -in id_rsa -out keypk8.pem -v2 AES-128-CBC

With the latest OpenSSH version, the key no longer functions. "ssh
host" fails with "invalid format".

Expected result (7.4p1):
$ ssh-keygen -f keypk8.pem -y
Enter passphrase: 1234
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDQ33ndDr5N/AI8y2PzrqGbadLeS5fSf2GsVJx2B2KxhazL2z5Oufin+wjJ1hW12/zWyQs/9CFYQFrife+PrMUOdLitsmlD3l4lBQ29+XKsmPabtINPJQ0n4dxgBGeFxTCd4lJwiysmVsXPnNrgQTcx2nirrIk1C7wSW9Ai9W3fZQ==

Actual result (7.5p1):
$ ssh-keygen -f keypk8.pem -y
Enter passphrase: 
Load key "keypk8.pem": invalid format

$ cat keypk8.pem
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
