Keep number of rounds when changing passphrase or comment in private key file
Loïc
loic at venez.fr
Fri Apr 10 00:02:49 AEST 2020
Hi,
In ssh-keygen, if I set the number of rounds to a non-default value
using the -a option and then change the passphrase or the comment:
$ ssh-keygen -t ed25519 -Pfoobar -a 100 -f test
$ ssh-keygen -c -C "foobar comment" -Pfoobar -f test
The number of rounds is reset to the default value.
I find this annoying because if I set the number of rounds to a given
high number for security, I don't want it to be reduced behind my back
when I change the passphrase or the comment.
So, I have created patches to change this and make sure the number of
rounds is preserved if it is not forced when changing the comment or
passphrase.
I will send them in the following emails. They are based on the
portable git (https://anongit.mindrot.org/openssh.git).
I'm open to your comments (in particular, I'm not pleased with the name
of the struct sshkey_vault). Also, I'm wondering if the comment itself
shouldn't be moved to this structure.
Also, I'm considering adding more fields to this structure, like the salt
and cypher, in order to add a feature that displays the information about
the keyfile (type, cypher type, key derivation type, number of rounds,
comment...)
Thank you
Best regards
Loïc