[ 
https://issues.apache.org/jira/browse/SSHD-984?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17096255#comment-17096255
 ] 

Lyor Goldstein commented on SSHD-984:
-------------------------------------

{quote}
I tried to extend that prototype for better PEM writing (including encryption), 
but I think I don't quite understand how this should be done, or there are 
things missing in sshd.
{quote}
I don't think you should try to extend an existing prototype but rather 
invent/establish a new one. If I were to suggest something, it would be a 
counterpoint to {{KeyPairResourceLoader}} - e.g., {{KeyPairResourceWriter}}.

{quote}
I don't see where and how I'd specify that I'd want to use 
PBKDF2WithHMAC-SHA1AndAES256-CBC for a passphrase-protected key to be written 
as a PKCS#8 PEM.
{quote}
Since you are establishing an entirely new hierarchy, do whatever seems right 
at the moment - try to make it as generic as possible, but don't fret about it 
too much. I am perfectly content with having some initial "rough" code that we 
will polish as we encounter new requests to modify it. If you really want to 
emphasize that it is experimental, try defining it in the {{sshd-contrib}} 
module - if it only "consumes" other code and is not needed by the other modules.


> Utility method to export KeyPair in OpenSSH format
> --------------------------------------------------
>
>                 Key: SSHD-984
>                 URL: https://issues.apache.org/jira/browse/SSHD-984
>             Project: MINA SSHD
>          Issue Type: New Feature
>    Affects Versions: 2.4.0
>            Reporter: David Ostrovsky
>            Priority: Minor
>         Attachments: sshd_key_writing.zip
>
>
> There are ongoing efforts in Gerrit Code Review and JGit projects to remove 
> dependency on JSch library: [1], [2]. Instead, MINA SSHD should be used on 
> both: client and server sides.
> One difficulty we are facing is the fact that MINA SSHD currently doesn't 
> provide any means to export generated KeyPair in OpenSSH format.
> Thomas Wolf added recently the ability to read encrypted OpenSSH private keys 
> in context of SSHD-708.
> With JSch this code would do the job:
> {code:java}
>   public static com.jcraft.jsch.KeyPair genSshKey() throws JSchException {
>     JSch jsch = new JSch();
>     return KeyPair.genKeyPair(jsch, KeyPair.ECDSA, 256);
>   }
>   public static String publicKey(com.jcraft.jsch.KeyPair sshKey, @Nullable String comment)
>       throws UnsupportedEncodingException {
>     ByteArrayOutputStream out = new ByteArrayOutputStream();
>     sshKey.writePublicKey(out, comment);
>     return out.toString(US_ASCII.name()).trim();
>   }
>   public static byte[] privateKey(com.jcraft.jsch.KeyPair keyPair) {
>     ByteArrayOutputStream out = new ByteArrayOutputStream();
>     keyPair.writePrivateKey(out);
>     return out.toByteArray();
>   }
> {code}
> [1] [https://bugs.eclipse.org/bugs/show_bug.cgi?id=540727]
>  [2] [https://bugs.chromium.org/p/gerrit/issues/detail?id=12599]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
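
For the public-key half of the export requested in the issue, the OpenSSH one-line format for an ECDSA P-256 key (RFC 5656 wire encoding) can be produced with the JDK alone. This is an added example, not code from MINA SSHD, JSch or the thread's participants; the class and method names are hypothetical, and it assumes the key is on the P-256 curve.

```java
import java.io.*;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

// Hypothetical helper, not part of MINA SSHD or JSch.
public class OpenSshPublicKeyExample {
  private static final String KEY_TYPE = "ecdsa-sha2-nistp256";
  private static final String CURVE = "nistp256";
  private static final int FIELD_BYTES = 32; // P-256 coordinate size

  static KeyPair genSshKey() throws GeneralSecurityException {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
    gen.initialize(new ECGenParameterSpec("secp256r1")); // JCA name for nistp256
    return gen.generateKeyPair();
  }

  // BigInteger.toByteArray() may add a sign byte or drop leading zeros;
  // the EC point encoding needs exactly FIELD_BYTES per coordinate.
  static byte[] fixedLength(BigInteger v, int len) {
    byte[] raw = v.toByteArray();
    byte[] out = new byte[len];
    int n = Math.min(raw.length, len);
    System.arraycopy(raw, raw.length - n, out, len - n, n);
    return out;
  }

  // SSH "string": 4-byte big-endian length followed by the bytes.
  static void writeString(DataOutputStream out, byte[] data) throws IOException {
    out.writeInt(data.length);
    out.write(data);
  }

  static String publicKey(ECPublicKey key, String comment) throws IOException {
    ByteArrayOutputStream point = new ByteArrayOutputStream();
    point.write(0x04); // uncompressed point marker
    point.write(fixedLength(key.getW().getAffineX(), FIELD_BYTES));
    point.write(fixedLength(key.getW().getAffineY(), FIELD_BYTES));
    ByteArrayOutputStream blob = new ByteArrayOutputStream();
    DataOutputStream out = new DataOutputStream(blob);
    writeString(out, KEY_TYPE.getBytes(StandardCharsets.US_ASCII));
    writeString(out, CURVE.getBytes(StandardCharsets.US_ASCII));
    writeString(out, point.toByteArray());
    String line = KEY_TYPE + " " + Base64.getEncoder().encodeToString(blob.toByteArray());
    return comment == null ? line : line + " " + comment;
  }

  public static void main(String[] args) throws Exception {
    // "constructed@example" is a made-up comment for illustration.
    System.out.println(publicKey((ECPublicKey) genSshKey().getPublic(), "constructed@example"));
  }
}
```

The printed line can be checked with `ssh-keygen -l -f <file>`; writing the private key, encrypted or not, is the part the thread leaves open.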
