[Bug 1550] Move from 3DES to AES-256 for private key encryption

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 23 07:54:12 EST 2009


--- Comment #2 from Jim Knoble <jmknoble at pobox.com>  2009-01-23 07:54:11 ---
Date: Wed, 21 Jan 2009 15:16:31 +1100 (EST)
From: Damien Miller <djm at mindrot.org>
To: Jim Knoble <jmknoble at pobox.com>
Subject: Re: OpenSSH private key encryption: time for AES?
In-Reply-To: <20090121014237.GD29074 at crawfish.ais.com>
Message-ID: <alpine.BSO.1.10.0901211509560.5581 at fuyu.mindrot.org>
References: <20090120060635.GA29074 at crawfish.ais.com>
 <alpine.BSO.1.10.0901201822540.5492 at fuyu.mindrot.org>
 <20090121014237.GD29074 at crawfish.ais.com>
Cc: OpenSSH Devel <openssh-unix-dev at mindrot.org>

On Tue, 20 Jan 2009, Jim Knoble wrote:

> Circa 2009-01-20 02:30 dixit Damien Miller:
> : On Tue, 20 Jan 2009, Jim Knoble wrote:
> : 
> : > [...]how can i encrypt my 4096-bit SSH RSA keypair with
> : > something like AES-128, AES-256, or Twofish instead of 3DES and still
> : > use it with OpenSSH?  Can ssh-add read (unencrypted) key data from stdin?
> Experimentation has shown that the following will add a key to a running
> ssh-agent (OpenSSH_4.6p1, Ubuntu 7.10):
>     $ cat id_rsa-unencrypted |ssh-add /dev/stdin
>     $ ssh-add -l |fgrep /dev/stdin
>     2048 xx:xx:xx:...:xx:xx:xx /dev/stdin (RSA)
>     $ 
> However, the following will not remove the key from the agent:
>     $ cat id_rsa-unencrypted |ssh-add -d /dev/stdin
>     Bad key file /dev/stdin
>     $ 

Does that work without the patch? I don't think it would even with
the current cipher because it needs to reread the file IIRC.

> If both operations worked, then one could use an external
> encryption/decryption facility with one's private keys, e.g.:
>     openssl enc -d -in ~/.ssh/id_rsa -aes-256-cbc |ssh-add /dev/stdin
> (although it would take a passphrase to remove a key from ssh-agent).

Wouldn't this just require the former to work? You'd be passing keys
to ssh-agent in unencrypted form always, no?

> : If you want to change it then you can do something like [a one-liner
> : change to authfile.c]. It probably wouldn't hurt to change - new
> : installations will still be able to read old keys
> It would be nice for newer OpenSSH to be able to produce private keys
> usable by older OpenSSH as well.

The key encryption for SSH protocol 2 keys is done by OpenSSL's PEM
functions, so AES should be supported by any OpenSSL version that
AES in PEM. IIRC this has been supported for a number of years.

> Any chance of an option in ssh-keygen to specify the cipher?  E.g.:

No, I think that would be a microknob that add little value, and
has waaaay to many buttons already.

If we change then it should be to the best encryption that is supported
widely deployed SSL/OpenSSH versions.


Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list