Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update OpenSSH Key V1 parsing using CRT information for RSA Private Keys #726

Merged
merged 3 commits into from
Sep 27, 2021

Conversation

exceptionfactory
Copy link
Contributor

Key parsing in OpenSSHKeyV1KeyFile currently parses RSA Private Keys and returns an RSAPrivateKeySpec containing the modulus and private exponent. As a result of this approached, the BouncyCastle implementation of RSAPrivateKey.getEncoded() returns 0 for all other fields when serializing the the key to an ASN.1 encoded PrivateKeyInfo byte array. This creates problems writing RSA Private Keys to PKCS8 PEM files as described in issue #705.

This pull request updates RSA Private Key parsing in OpenSSHKeyV1KeyFile to read and use the available elements of the RSA Private Key. Following RFC 8017 Section 3.2, the updated approach calculates the Prime Exponent P and Prime Exponent Q values, then returns an RSAPrivateCrtKeySpec for conversion into a standard java.security.PrivateKey. The implementation returns a complete representation of the ASN.1 encoded PrivateKeyInfo when calling PrivateKey.getEncoded(). This pull request includes a new unit test that compares the public exponent values against the parsed RSA Public Key, and also compares the expected computed exponents.

Signed-off-by: Jeroen van Erp <jeroen@hierynomus.com>
@hierynomus hierynomus merged commit 03dd1aa into hierynomus:master Sep 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants