Posted to dev@mina.apache.org by "Thomas Wolf (JIRA)" <ji...@apache.org> on 2018/11/29 23:20:00 UTC

[jira] [Commented] (SSHD-708) Add support for password encrypted ed25519 private key files

    [ https://issues.apache.org/jira/browse/SSHD-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704013#comment-16704013 ] 

Thomas Wolf commented on SSHD-708:
----------------------------------

Supporting encrypted OpenSSH key files is getting somewhat more urgent. OpenSSH has switched its default settings in recent versions and now by default creates key files that use its "new" format, and it always uses that format for ed25519 keys.

There is a Java library that implements the necessary Bcrypt KDF, available as Maven artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. That appears to be a copy of org.mindrot.jbcrypt, but with the pbkdf functionality added. License is ISC.

With that library, decrypting encrypted OpenSSH key files is possible. See [Eclipse bug 541703|https://bugs.eclipse.org/bugs/show_bug.cgi?id=541703] for some initial thoughts. For use in Eclipse I'll have to get legal clearance for that org.connectbot.jbcrypt artifact from the Eclipse legal team. What constraints exist on the Apache side? Would it be OK if I provided a PR that just consumes this maven artifact via a dependency? Would it also be OK if we just copied the source of this BCrypt implementation into the sshd source tree (the artifact contains only a single implementation class)? (In both cases I'll have to check with the Eclipse legal team if doing either would be OK with _them_...) And which would you prefer?

> Add support for password encrypted ed25519 private key files
> ------------------------------------------------------------
>
>                 Key: SSHD-708
>                 URL: https://issues.apache.org/jira/browse/SSHD-708
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.4.0
>            Reporter: Goldstein Lyor
>            Priority: Minor
>
> The current code supports only reading un-encrypted private key files



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
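
Background on the file format discussed in this message, as an added example (not part of the original message, and not MINA SSHD or jbcrypt code): the decoded body of an OpenSSH "new" format key begins with cleartext fields naming the cipher and the KDF, so a reader can tell an encrypted key from an unencrypted one and recover the bcrypt salt and rounds before any passphrase is involved. The class and method names are hypothetical, the sample header is constructed, and the input is assumed to be the already base64-decoded blob.

```java
import java.nio.ByteBuffer;
import java.util.Arrays;
import static java.nio.charset.StandardCharsets.US_ASCII;

final class OpenSshKeyHeader { // hypothetical name, illustration only
    static final byte[] MAGIC = "openssh-key-v1\0".getBytes(US_ASCII);

    // SSH "string": big-endian uint32 length, then that many bytes.
    static byte[] readString(ByteBuffer buf) {
        int len = buf.getInt(); // BufferUnderflowException if the blob is truncated
        if (len < 0 || len > buf.remaining()) throw new IllegalArgumentException("bad length " + len);
        byte[] data = new byte[len];
        buf.get(data);
        return data;
    }

    static ByteBuffer putString(ByteBuffer b, byte[] d) { return b.putInt(d.length).put(d); }

    // Returns "cipher/kdf/rounds"; an unencrypted key yields "none/none/0".
    static String describe(byte[] blob) {
        if (blob.length < MAGIC.length || !Arrays.equals(Arrays.copyOf(blob, MAGIC.length), MAGIC))
            throw new IllegalArgumentException("not an openssh-key-v1 blob");
        ByteBuffer buf = ByteBuffer.wrap(blob, MAGIC.length, blob.length - MAGIC.length);
        String cipher = new String(readString(buf), US_ASCII);
        String kdf = new String(readString(buf), US_ASCII);
        ByteBuffer opts = ByteBuffer.wrap(readString(buf)); // empty when kdf is "none"
        int rounds = 0;
        if (kdf.equals("bcrypt")) {
            readString(opts);       // salt, an input to the bcrypt KDF
            rounds = opts.getInt(); // KDF work factor
        }
        return cipher + "/" + kdf + "/" + rounds;
    }

    public static void main(String[] args) {
        // Constructed header only (no key material): aes256-ctr, bcrypt, zero salt, 16 rounds.
        ByteBuffer opts = putString(ByteBuffer.allocate(24), new byte[16]).putInt(16);
        ByteBuffer blob = ByteBuffer.allocate(128).put(MAGIC);
        putString(blob, "aes256-ctr".getBytes(US_ASCII));
        putString(blob, "bcrypt".getBytes(US_ASCII));
        putString(blob, opts.array());
        System.out.println(describe(Arrays.copyOf(blob.array(), blob.position())));
    }
}
```

The parser stops after the KDF options; the key count, public keys and the encrypted private section follow in a real file. Deriving the cipher key and IV from the passphrase, salt and rounds is the step that needs the bcrypt PBKDF discussed in the message.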