corrupt client keys question

Pete Flugstad peteflugstad at
Sat Nov 15 04:10:55 EST 2003

Okay, some more info, just to clarify.  Summary: as Markus notes, it 
basically depends on what part of the "private" key you corrupt.

The PEM private key format used by OpenSSL is defined in PKCS#8, which 
in turn references the RSAPrivateKey format from PKCS#1:

RSAPrivateKey ::= SEQUENCE {
     version           Version,
     modulus           INTEGER,  -- n
     publicExponent    INTEGER,  -- e
     privateExponent   INTEGER,  -- d
     prime1            INTEGER,  -- p
     prime2            INTEGER,  -- q
     exponent1         INTEGER,  -- d mod (p-1)
     exponent2         INTEGER,  -- d mod (q-1)
     coefficient       INTEGER,  -- (inverse of q) mod p
     otherPrimeInfos   OtherPrimeInfos OPTIONAL

Needless to say, there's a lot here, some or much of it is redudant and 
so not all of this is used for authentication (probably only n and e?).

This data get's ASN.1 encoded, then that gets Base64 encoded.  So 
corrupting one part of the Base64 encoded data may or may not break the 
ASN.1 decoding - if it does, then obviously the key is useless and the 
PEM load will fail.  And depending on which of the fields above you end 
up corrupting, this also may or may not break the use of the key for 

openssl rsa -check runs a whole series of additional checks to make sure 
all the fields match.  IMO, this is probably too expensive for the SSH 
client to be doing (can any OpenSSH guys comment?)

So, long storry short - there's nothing here, move along :-).  Sorry for 
any confusion, I should have researched more before I posted.


More information about the openssh-unix-dev mailing list