Keep number of rounds when changing passphrase or comment in private key file
loic at venez.fr
Fri Apr 10 00:13:10 AEST 2020
And by the way, I created a small python script to partially parse the
private key file (new format) to be able to verify that my patch is
Here is the script attached.
Just run it with the private key file in argument:
$ prog/parse_openssh_keys.py test
public_key len: 51
Hope it helps
On 09/04/2020, Loïc wrote :
> In ssh-keygen, if I set the number of rounds to a non default value
> using -a option and then change the passphrase or the comment:
> $ ssh-keygen -t ed25519 -Pfoobar -a 100 -f test
> $ ssh-keygen -c -C "foobar comment" -Pfoobar -f test
> The number of rounds is reset to the default value.
> I find this annoying because if I set the number of rounds to a given
> high number for security, I don't want it to be reduced behind my back
> when I change the passphrase or the comment.
> So, I have created patches to change this and make sure the number of
> rounds is preserved if it is not forced when changing the comment or
> I will send them in the following emails. They are based on the
> portable git (https://anongit.mindrot.org/openssh.git).
> I'm open to your comments (in particular, I'm not pleased with the name
> of the struct sshkey_vault). Also, I'm wondering if the comment itself
> shouldn't be moved to this structure.
> Also, I'm considering adding more fields to this structure, like the salt
> and cypher, in order to add a feature that displays the information about
> the keyfile (type, cypher type, key derivation type, number of rounds,
> Thank you
> Best regards
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2783 bytes
Desc: not available
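
Since the attachment is not preserved in the archive, here is an added example (not the script from the original post) that reads the unencrypted header of a new-format `openssh-key-v1` private key and reports the cipher, KDF and bcrypt round count, so a key file can be compared before and after `ssh-keygen -c` or `-p`. The helper names and the `constructed_key()` sample with dummy key material are assumptions made for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def _string(buf, off):
    """Read an SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off + 4:end], end

def parse_header(pem_text):
    """Return cipher, KDF, rounds and public-key length without decrypting."""
    body = "".join(l for l in pem_text.strip().splitlines() if not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    off = len(MAGIC)
    cipher, off = _string(blob, off)
    kdf, off = _string(blob, off)
    kdfopts, off = _string(blob, off)
    (nkeys,) = struct.unpack_from(">I", blob, off)
    pub, off = _string(blob, off + 4)
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(), "nkeys": nkeys,
            "public_key_len": len(pub), "rounds": None}
    if kdf == b"bcrypt":  # kdfoptions = string salt || uint32 rounds
        _, o = _string(kdfopts, 0)
        (info["rounds"],) = struct.unpack_from(">I", kdfopts, o)
    return info  # rounds stays None for an unencrypted key (kdf "none")

def _s(b):
    return struct.pack(">I", len(b)) + b

def constructed_key(rounds):
    """Constructed sample: real header layout, all-zero dummy key material."""
    pub = _s(b"ssh-ed25519") + _s(bytes(32))
    blob = (MAGIC + _s(b"aes256-ctr") + _s(b"bcrypt")
            + _s(_s(bytes(16)) + struct.pack(">I", rounds))
            + struct.pack(">I", 1) + _s(pub) + _s(bytes(64)))
    b64 = base64.b64encode(blob).decode()
    return "\n".join(["-----BEGIN OPENSSH PRIVATE KEY-----", b64,
                      "-----END OPENSSH PRIVATE KEY-----"])

def rounds_preserved(before_pem, after_pem):
    return parse_header(before_pem)["rounds"] == parse_header(after_pem)["rounds"]
```

On a real key, pass the file contents read before and after the comment or passphrase change to `rounds_preserved()`; the header fields are stored in the clear, so no passphrase is needed.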