[Bug 3013] Use the PKCS#8 formatted PEM files instead of insecure "traditional PEM"

bugzilla-daemon at bugzilla.mindrot.org
Mon Jul 15 23:21:54 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3013

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Applied - thanks!

commit eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 15 13:16:29 2019 +0000

    upstream: support PKCS8 as an optional format for storage of

    private keys, enabled via "ssh-keygen -m PKCS8" on operations that save
    private keys to disk.

    The OpenSSH native key format remains the default, but PKCS8 is a
    superior format to PEM if interoperability with non-OpenSSH software
    is required, as it may use a less terrible KDF (IIRC PEM uses a single
    round of MD5 as a KDF).

    adapted from patch by Jakub Jelen via bz3013; ok markus

    OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1

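To find keys on disk that are still stored in the traditional PEM container the commit above offers PKCS8 as an alternative to, the armor label and headers of each file are enough. The following is an added example, not code from OpenSSH or from this bug; the function name, the format labels it returns and the sample inputs are assumptions made for illustration, and the samples are constructed rather than real keys.

```python
import re

# PEM armor labels for the two non-traditional private-key containers.
LABELS = {
    "OPENSSH PRIVATE KEY": "openssh-native",
    "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted",
    "PRIVATE KEY": "pkcs8-unencrypted",
}
TRADITIONAL = re.compile(r"^(RSA|DSA|EC) PRIVATE KEY$")
BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")

def classify_private_key(text):
    """Return (format, detail) for the first PEM block in text, or None."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = BEGIN.match(line)
        if not m:
            continue
        label = m.group(1)
        if label in LABELS:
            return LABELS[label], None
        if not TRADITIONAL.match(label):
            return "unknown", label
        # Traditional PEM: RFC 1421-style headers sit between BEGIN and the body.
        headers = {}
        for h in lines[i + 1:]:
            if ":" not in h:  # blank line or base64 body ends the headers
                break
            key, value = h.split(":", 1)
            headers[key.strip()] = value.strip()
        if "ENCRYPTED" in headers.get("Proc-Type", ""):
            # Passphrase-protected with the legacy MD5-based key derivation.
            return "traditional-pem-encrypted", headers.get("DEK-Info", "").split(",")[0]
        return "traditional-pem-unencrypted", None
    return None

def _pem(label, headers=""):
    # Constructed sample: real armor and headers, placeholder base64 body.
    return f"-----BEGIN {label}-----\n{headers}Q09OU1RSVUNURUQ=\n-----END {label}-----\n"

SAMPLES = {  # constructed inputs, not real keys
    "legacy": _pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n\n"),
    "pkcs8": _pem("ENCRYPTED PRIVATE KEY"),
    "native": _pem("OPENSSH PRIVATE KEY"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify_private_key(text))
```

The OpenSSH native container carries its encryption parameters inside the base64 body, so the armor alone does not show whether such a key is passphrase-protected.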