[
https://issues.apache.org/jira/browse/SSHD-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704013#comment-16704013
]
Thomas Wolf commented on SSHD-708:
----------------------------------
Supporting encrypted OpenSSH key files is getting somewhat more urgent. OpenSSH
has switched in recent versions its default settings and now by default creates
key files that use its "new" format, and it always uses that format for ed25519
keys.
There is a Java library that implements the necessary Bcrypt KDF; available as
maven artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. That appears to be a copy
of org.mindrot.jbcrypt, but with the pbkdf functionality added. License is ISC.
With that library, decrypting encrypted OpenSSH key files is possible. See
[Eclipse bug 541703|https://bugs.eclipse.org/bugs/show_bug.cgi?id=541703] for
some initial thoughts. For use in Eclipse I'll have to get legal clearance for
that org.connectbot.jbcrypt artifact from the Eclipse legal team. What
constraints exist on the Apache side? Would it be OK if I provided a PR that
just consumes this maven artifact via a dependency? Would it also be OK if we
just copied the source of this BCrypt implementation into the sshd source tree
(the artifact contains only a single implementation class)? (In both cases I'll
have to check with the Eclipse legal team if doing either would be OK with
_them_...) And which would you prefer?
> Add support for password encrypted ed25519 private key files
> ------------------------------------------------------------
>
> Key: SSHD-708
> URL: https://issues.apache.org/jira/browse/SSHD-708
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 1.4.0
> Reporter: Goldstein Lyor
> Priority: Minor
>
> The current code supports only reading un-encrypted private key files
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
