[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Passphrase not working for ssh_pki_export_privkey_file
[Thread Prev] | [Thread Next]
- Subject: Re: Passphrase not working for ssh_pki_export_privkey_file
- From: Julian Lunz <git@xxxxxxxx>
- Reply-to: libssh@xxxxxxxxxx
- Date: Thu, 5 Feb 2015 16:21:03 +0100
- To: libssh@xxxxxxxxxx
I had time to dig a bit further.
The function pki_private_key_to_pem in src/pki_crypto.c +554
is missing a cipher in case of passphrase != NULL.
ssh-keygen uses AES-128-CBC therefore this is used in the attached
patch.
Is the mailing list the preferred way for patches or better via Redmine?
On Tue, 27 Jan 2015 23:11:11 +0100
Julian Lunz <git@xxxxxxxx> wrote:
> Hi,
>
> I have that snippet of pki_generate and pki_export listed below.
> I would expect priv_key to contain plain RSA private key and
> priv_key_encrypted to be an encrypted version.
>
> But I get two identical files with plain RSA private key,
> am I missing something here?
>
> Thanks a lot for your help.
>
> Julian
>
> ---
> #include <stdio.h>
> #include <libssh/libssh.h>
>
> int main(void)
> {
> ssh_key mKey;
> int rc;
> const char *passphrase = "secret";
>
> rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &mKey);
> if(rc != SSH_OK)
> fprintf(stderr, "Error");
>
> rc = ssh_pki_export_privkey_file(mKey,
> NULL,
> NULL,
> NULL,
> "/tmp/priv_key");
> if(rc != SSH_OK)
> fprintf(stderr, "Error");
>
> rc = ssh_pki_export_privkey_file(mKey,
> passphrase,
> NULL,
> NULL,
> "/tmp/priv_key_encrypted");
> if(rc != SSH_OK)
> fprintf(stderr, "Error");
>
> return 0;
> }
>
>
From 05ea65c9f554b85b5dce6cbd176d0f8ab9910ab8 Mon Sep 17 00:00:00 2001
From: Julian Lunz <git@xxxxxxxx>
Date: Thu, 5 Feb 2015 16:12:28 +0100
Subject: [PATCH] Fix pki_private_key_to_pem by adding cipher
---
src/pki_crypto.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index b53bba2..77fa14c 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -586,7 +586,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
} else {
rc = PEM_write_bio_DSAPrivateKey(mem,
key->dsa,
- NULL, /* cipher */
+ EVP_aes_128_cbc(), /* cipher */
NULL, /* kstr */
0, /* klen */
NULL, /* auth_fn */
@@ -611,7 +611,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
} else {
rc = PEM_write_bio_RSAPrivateKey(mem,
key->rsa,
- NULL, /* cipher */
+ EVP_aes_128_cbc(), /* cipher */
NULL, /* kstr */
0, /* klen */
NULL, /* auth_fn */
@@ -636,7 +636,7 @@ ssh_string pki_private_key_to_pem(const ssh_key key,
} else {
rc = PEM_write_bio_ECPrivateKey(mem,
key->ecdsa,
- NULL, /* cipher */
+ EVP_aes_128_cbc(), /* cipher */
NULL, /* kstr */
0, /* klen */
NULL, /* auth_fn */
--
2.2.2
| Re: Passphrase not working for ssh_pki_export_privkey_file | Andreas Schneider <asn@xxxxxxxxxxxxxx> |