[ 
https://issues.apache.org/jira/browse/SSHD-984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17095461#comment-17095461
 ] 

Thomas Wolf commented on SSHD-984:
----------------------------------

I tried to extend that prototype for better PEM writing (including encryption), 
but I think I don't quite understand how this should be done, or there are 
things missing in sshd. For instance, I don't see where and how I'd specify 
that I'd want to use PBKDF2WithHMAC-SHA1AndAES256-CBC for a 
passphrase-protected key to be written as a PKCS#8 PEM. So the PEM part of the 
prototype is really only a very rough sketch, and perhaps writing encrypted 
PEMs might indeed need Bouncy Castle.

The OpenSSH bcrypt format writing appears to work fine, though. (Tried only 
with AES.)

> Utility method to export KeyPair in OpenSSH format
> --------------------------------------------------
>
>                 Key: SSHD-984
>                 URL: https://issues.apache.org/jira/browse/SSHD-984
>             Project: MINA SSHD
>          Issue Type: New Feature
>    Affects Versions: 2.4.0
>            Reporter: David Ostrovsky
>            Priority: Minor
>         Attachments: sshd_key_writing.zip
>
>
> There are ongoing efforts in the Gerrit Code Review and JGit projects to remove 
> the dependency on the JSch library: [1], [2]. Instead, MINA SSHD should be used 
> on both the client and server sides.
> One difficulty we are facing is the fact that MINA SSHD currently doesn't 
> provide any means to export a generated KeyPair in OpenSSH format.
> Thomas Wolf recently added the ability to read encrypted OpenSSH private keys 
> in the context of SSHD-708.
> With JSch this code would do the job:
> {code:java}
>   public static com.jcraft.jsch.KeyPair genSshKey() throws JSchException {
>     JSch jsch = new JSch();
>     return KeyPair.genKeyPair(jsch, KeyPair.ECDSA, 256);
>   }
>   public static String publicKey(com.jcraft.jsch.KeyPair sshKey, @Nullable String comment)
>       throws UnsupportedEncodingException {
>     ByteArrayOutputStream out = new ByteArrayOutputStream();
>     sshKey.writePublicKey(out, comment);
>     return out.toString(US_ASCII.name()).trim();
>   }
>   public static byte[] privateKey(com.jcraft.jsch.KeyPair keyPair) {
>     ByteArrayOutputStream out = new ByteArrayOutputStream();
>     keyPair.writePrivateKey(out);
>     return out.toByteArray();
>   }
> {code}
> [1] [https://bugs.eclipse.org/bugs/show_bug.cgi?id=540727]
> [2] [https://bugs.chromium.org/p/gerrit/issues/detail?id=12599]


