java-http-signature icon indicating copy to clipboard operation
java-http-signature copied to clipboard

Published 20 hours ago verified publisher icon TritonDataCenter

support the "new" openssh private key format

Open cburroughs opened this issue 8 years ago • 0 comments

This is another kind of special openssh format that starts with BEGIN OPENSSH PRIVATE KEY. This format is always used for Ed25519 keys (#31)

 * Add a new private key format that uses a bcrypt KDF to better
   protect keys at rest. This format is used unconditionally for
   Ed25519 keys, but may be requested when generating or saving
   existing keys of other types via the -o ssh-keygen(1) option.
   We intend to make the new format the default in the near future.
   Details of the new format are in the PROTOCOL.key file.
https://www.openssh.com/txt/release-6.5
  • NOTE: "bcrypt" kdf is actually bcrypt_pbkdf
  • http://www.tedunangst.com/flak/post/new-openssh-key-format-and-bcrypt-pbkdf
  • https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

cburroughs avatar Apr 05 '17 20:04 cburroughs