Keep number of rounds when changing passphrase or comment in private keep file

Loïc loic at
Fri Apr 10 00:02:49 AEST 2020


In ssh-keygen, if I set the number of rounds to a non default value
using -a option and then change the passphrase or the comment:

$ ssh-keygen -t ed25519 -Pfoobar -a 100 -f test
$ ssh-keygen -c -C "foobar comment" -Pfoobar -f test

The number of rounds is reset to the default value.

I find this annoying because if I set the number of rounds to a given
high number for security, I don't want it to be reduce behind my back
when I change the passphrase or the comment.

So, I have created patches to change this and make sure the number of
rounds is preserved if it is not forced when changing the comment or

I will send them in the following emails. There are based on the
portable git (||

I'm open to your comments (in particular, I'm not pleased with the name
of the struct sshkey_vault). Also, I'm wondering if the comment itself
shouldn't be move to this structure.

Also, I'm considering to add more field to this structure, like the salt
and cypher, in order to add a feature that display the information about
the keyfile (type, cypher type, key derivation type, number of rounds,

Thank you

Best regards


More information about the openssh-unix-dev mailing list