Support for OpenSSH new key file format #279
@dkocher Can you test it out?
@hierynomus Will do today!
It's a bit later than I wanted, but it took some experimenting ;)
return readUnencrypted(privateKeyBuffer, publicKey); | ||
} else { | ||
logger.info("Keypair is encrypted with: " + cipherName + ", " + kdfName + ", " + kdfOptions); | ||
throw new IOException("Cannot read encrypted keypair with " + cipherName + " yet.."); |
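Review bot: The IOException message in the else branch names only cipherName, while the logger.info line just above it also reports kdfName and kdfOptions, so a caller who does not see info-level logs gets less detail than the code has. Consider adding kdfName to the exception message and saying outright that encrypted keys in this format are not supported, e.g. "Cannot read encrypted keypair (cipher " + cipherName + ", kdf " + kdfName + ")".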
Double full stop.
What additional work is required to support encrypted keys?
I have to figure out how the 'altered' bcrypt implementation works... i.e. seems non-trivial at the moment.
* Reads a key file in the new OpenSSH format. | ||
* The format is described in the following document: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key | ||
*/ | ||
public class OpenSSHKeyV1KeyFile extends BaseFileKeyProvider { |
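Review bot: The class Javadoc on OpenSSHKeyV1KeyFile does not state that only non-encrypted keys are supported, which is the limitation this pull request describes. A sentence saying so would let users learn it from the documentation instead of from an IOException at load time. The PROTOCOL.key link also points at the master branch, so the document it references may change after this code is written.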
The class name is somewhat uneloquent.
Suggestion for a better one?
I have tested this with a private key of mine and it works as advertised.
Yay! If you can think of a better class name I'll rename it. Else I'll leave that for a moment. Going through this code again, it could use a lot of cleanup. I want to split off the keyfile format from the keytype stored in there. Will do that separately though.
When I pass a non-null public key to
The new format is used for ed-25519 keys.
Only support for non-encrypted keys currently.