corrupt client keys question
Pete Flugstad
peteflugstad at mchsi.com
Sat Nov 15 04:10:55 EST 2003
Okay, some more info, just to clarify. Summary: as Markus notes, it
basically depends on what part of the "private" key you corrupt.
The PEM private key format used by OpenSSL is defined in PKCS#8, which
in turn references the RSAPrivateKey format from PKCS#1:
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER, -- (inverse of q) mod p
otherPrimeInfos OtherPrimeInfos OPTIONAL
}
Needless to say, there's a lot here, some or much of it is redudant and
so not all of this is used for authentication (probably only n and e?).
This data get's ASN.1 encoded, then that gets Base64 encoded. So
corrupting one part of the Base64 encoded data may or may not break the
ASN.1 decoding - if it does, then obviously the key is useless and the
PEM load will fail. And depending on which of the fields above you end
up corrupting, this also may or may not break the use of the key for
authentication.
openssl rsa -check runs a whole series of additional checks to make sure
all the fields match. IMO, this is probably too expensive for the SSH
client to be doing (can any OpenSSH guys comment?)
So, long storry short - there's nothing here, move along :-). Sorry for
any confusion, I should have researched more before I posted.
Pete
More information about the openssh-unix-dev
mailing list