[Bug 1550] Move from 3DES to AES-256 for private key encryption

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 23 07:52:36 EST 2009 

https://bugzilla.mindrot.org/show_bug.cgi?id=1550





--- Comment #1 from Jim Knoble <jmknoble at pobox.com>  2009-01-23 07:52:35 ---
Date: Tue, 20 Jan 2009 20:42:38 -0500
From: Jim Knoble <jmknoble at pobox.com>
To: OpenSSH Devel <openssh-unix-dev at mindrot.org>
Subject: Re: OpenSSH private key encryption: time for AES?
Message-ID: <20090121014237.GD29074 at crawfish.ais.com>
Mail-Followup-To: OpenSSH Devel <openssh-unix-dev at mindrot.org>
References: <20090120060635.GA29074 at crawfish.ais.com>
 <alpine.BSO.1.10.0901201822540.5492 at fuyu.mindrot.org>
In-Reply-To: <alpine.BSO.1.10.0901201822540.5492 at fuyu.mindrot.org>

Circa 2009-01-20 02:30 dixit Damien Miller:

: On Tue, 20 Jan 2009, Jim Knoble wrote:
: 
: > [...]how can i encrypt my 4096-bit SSH RSA keypair with
: > something like AES-128, AES-256, or Twofish instead of 3DES and
still
: > use it with OpenSSH?  Can ssh-add read (unencrypted) key data from
stdin?

Experimentation has shown that the following will add a key to a
running
ssh-agent (OpenSSH_4.6p1, Ubuntu 7.10):

    $ cat id_rsa-unencrypted |ssh-add /dev/stdin
    $ ssh-add -l |fgrep /dev/stdin
    2048 xx:xx:xx:...:xx:xx:xx /dev/stdin (RSA)
    $ 

However, the following will not remove the key from the agent:

    $ cat id_rsa-unencrypted |ssh-add -d /dev/stdin
    Bad key file /dev/stdin
    $ 

If both operations worked, then one could use an external
encryption/decryption facility with one's private keys, e.g.:

    openssl enc -d -in ~/.ssh/id_rsa -aes-256-cbc |ssh-add /dev/stdin

(although it would take a passphrase to remove a key from ssh-agent).

: If you want to change it then you can do something like [a one-liner
: change to authfile.c]. It probably wouldn't hurt to change - new
: installations will still be able to read old keys

It would be nice for newer OpenSSH to be able to produce private keys
usable by older OpenSSH as well.

Any chance of an option in ssh-keygen to specify the cipher?  E.g.:

    # Use '-E' with any of: 3des-cbc, aes128-cbc, aes192-cbc,
aes256-cbc
    ssh-keygen -t rsa -E aes256-cbc

Alternatively:

    # Encrypt with AES-256:
    ssh-keygen -t rsa -A

    # Encrypt with 3DES:
    ssh-keygen -t rsa -3

    # Use default encryption:
    ssh-keygen -t rsa

Finally:

    # Encrypt with AES-256:
    ssh-keygen -t rsa

    # Encrypt with 3DES ('-O' for "old"):
    ssh-keygen -t rsa -O:1

Cheers,
jim

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list