[Bug 3013] Use the PKCS#8 formatted PEM files instead of insecure "traditional PEM"
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Mon Jul 15 23:21:54 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=3013
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Applied - thanks!
commit eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon Jul 15 13:16:29 2019 +0000
upstream: support PKCS8 as an optional format for storage of
private keys, enabled via "ssh-keygen -m PKCS8" on operations that
save
private keys to disk.
The OpenSSH native key format remains the default, but PKCS8 is a
superior format to PEM if interoperability with non-OpenSSH
software
is required, as it may use a less terrible KDF (IIRC PEM uses a
single
round of MD5 as a KDF).
adapted from patch by Jakub Jelen via bz3013; ok markus
OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list