
Re: Passphrase not working for ssh_pki_export_privkey_file


I had time to dig a bit further.

The function pki_private_key_to_pem in src/pki_crypto.c +554
is missing a cipher in case of passphrase != NULL.

ssh-keygen uses AES-128-CBC, therefore this is used in the attached
patch.

Is the mailing list the preferred way for patches or better via Redmine?


On Tue, 27 Jan 2015 23:11:11 +0100
Julian Lunz <git@xxxxxxxx> wrote:

> Hi,
> 
> I have that snippet of pki_generate and pki_export listed below.
> I would expect priv_key to contain plain RSA private key and
> priv_key_encrypted to be an encrypted version.
> 
> But I get two identical files with plain RSA private key, 
> am I missing something here?
> 
> Thanks a lot for your help.
> 
> Julian
> 
> ---
> #include <stdio.h>
> #include <libssh/libssh.h>
> 
> int main(void)
> {
>     ssh_key mKey = NULL;
>     int rc;
>     const char *passphrase = "secret";
> 
>     rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &mKey);
>     if (rc != SSH_OK) {
>         /* No key to export, so stop here. */
>         fprintf(stderr, "Error\n");
>         return 1;
>     }
> 
>     /* Export without a passphrase: a plain private key is expected. */
>     rc = ssh_pki_export_privkey_file(mKey,
>                                      NULL,
>                                      NULL,
>                                      NULL,
>                                      "/tmp/priv_key");
>     if (rc != SSH_OK)
>         fprintf(stderr, "Error\n");
> 
>     /* Export with a passphrase: an encrypted private key is expected. */
>     rc = ssh_pki_export_privkey_file(mKey,
>                                      passphrase,
>                                      NULL,
>                                      NULL,
>                                      "/tmp/priv_key_encrypted");
>     if (rc != SSH_OK)
>         fprintf(stderr, "Error\n");
> 
>     ssh_key_free(mKey);
>     return 0;
> }
> 
> 
From 05ea65c9f554b85b5dce6cbd176d0f8ab9910ab8 Mon Sep 17 00:00:00 2001
From: Julian Lunz <git@xxxxxxxx>
Date: Thu, 5 Feb 2015 16:12:28 +0100
Subject: [PATCH] Fix pki_private_key_to_pem by adding cipher

---
 src/pki_crypto.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index b53bba2..77fa14c 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -586,7 +586,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             } else {
                 rc = PEM_write_bio_DSAPrivateKey(mem,
                                                  key->dsa,
-                                                 NULL, /* cipher */
+                                                 EVP_aes_128_cbc(), /* cipher */
                                                  NULL, /* kstr */
                                                  0, /* klen */
                                                  NULL, /* auth_fn */
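Review bot: `EVP_aes_128_cbc()` is written out as a literal at this DSA call site and again at the RSA and EC call sites in the next two hunks, with only the `/* cipher */` comment beside it. Hoist it into one place in pki_private_key_to_pem (a local `const EVP_CIPHER *` or a file-level macro) and record the rationale from the cover mail there, that it matches what ssh-keygen uses, so a later change of cipher cannot leave the three key types out of step.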
@@ -611,7 +611,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             } else {
                 rc = PEM_write_bio_RSAPrivateKey(mem,
                                                  key->rsa,
-                                                 NULL, /* cipher */
+                                                 EVP_aes_128_cbc(), /* cipher */
                                                  NULL, /* kstr */
                                                  0, /* klen */
                                                  NULL, /* auth_fn */
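Review bot: Only the `else` arm of this RSA block gets a cipher; the arm before `} else {` lies outside the hunk context and is not touched by the patch. If that arm is the one taken when the caller supplies a password callback instead of a passphrase, check whether it also passes `NULL` as the cipher, because OpenSSL writes the key unencrypted whenever the cipher is NULL and that path would keep the reported behaviour. The same question applies to the DSA and EC blocks.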
@@ -636,7 +636,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
             } else {
                 rc = PEM_write_bio_ECPrivateKey(mem,
                                                 key->ecdsa,
-                                                NULL, /* cipher */
+                                                EVP_aes_128_cbc(), /* cipher */
                                                 NULL, /* kstr */
                                                 0, /* klen */
                                                 NULL, /* auth_fn */
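Review bot: Nothing in the patch exercises the new cipher argument at this EC call site or at the two above it; the diffstat lists only src/pki_crypto.c. Add a regression test that exports a key of each type with a passphrase and checks that the output differs from the passphrase-less export and cannot be imported again without the passphrase, which is the behaviour the original report found missing.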
-- 
2.2.2
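
To check key files that were exported before this fix, one option is to look for the encryption headers that OpenSSL's traditional PEM format carries. The following is an added example, not part of the original post or of libssh; `pem_key_encryption`, `enum pem_enc` and both samples are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <string.h>

enum pem_enc { PEM_UNSUPPORTED = -1, PEM_PLAINTEXT = 0, PEM_ENCRYPTED = 1 };
/* Constructed samples: real header layout, filler IV and base64 body. */
static const char SAMPLE_PLAIN[] =
    "-----BEGIN RSA PRIVATE KEY-----\nQUJDRA==\n-----END RSA PRIVATE KEY-----\n";
static const char SAMPLE_ENC[] = "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF\n"
    "\nQUJDRA==\n-----END RSA PRIVATE KEY-----\n";

/* Hypothetical helper (not a libssh API). An encrypted traditional-format key has
 * "Proc-Type: 4,ENCRYPTED" and "DEK-Info: <cipher>,<iv>" headers after the BEGIN
 * line; a plaintext key goes straight to base64. cipher[] gets the cipher name. */
enum pem_enc pem_key_encryption(const char *pem, char *cipher, size_t cap)
{
    static const char *const begin[] = { "-----BEGIN RSA PRIVATE KEY-----",
        "-----BEGIN DSA PRIVATE KEY-----", "-----BEGIN EC PRIVATE KEY-----" };
    static const char proc[] = "Proc-Type: 4,ENCRYPTED", dek[] = "DEK-Info: ";
    const size_t pl = sizeof(proc) - 1, dl = sizeof(dek) - 1;
    const char *p = NULL;
    int have_proc = 0, have_dek = 0;
    size_t i, n = 0;

    if (cap > 0) cipher[0] = '\0';
    for (i = 0; i < 3 && p == NULL; i++)
        if ((p = strstr(pem, begin[i])) != NULL) n = strlen(begin[i]);
    if (p == NULL) return PEM_UNSUPPORTED;  /* other containers not handled */

    for (p += n; ; p += n) {                /* walk the header lines */
        if (*p == '\r') p++;
        if (*p == '\n') p++;
        n = strcspn(p, "\r\n");
        if (n == 0 || memchr(p, ':', n) == NULL) break;  /* blank or base64 */
        if (n >= pl && memcmp(p, proc, pl) == 0) have_proc = 1;
        if (n > dl && memcmp(p, dek, dl) == 0) {
            snprintf(cipher, cap, "%.*s", (int)strcspn(p + dl, ",\r\n"), p + dl);
            have_dek = 1;
        }
    }
    return (have_proc && have_dek) ? PEM_ENCRYPTED : PEM_PLAINTEXT;
}

int main(void)
{
    char c[32];
    printf("plain sample: %d\n", pem_key_encryption(SAMPLE_PLAIN, c, sizeof c));
    printf("encrypted sample: %d (%s)\n", pem_key_encryption(SAMPLE_ENC, c, sizeof c), c);
    return 0;
}
```

A file that was exported with a passphrase but classifies as `PEM_PLAINTEXT` holds an unprotected key and should be re-exported with a fixed build.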

