
Re: ssh_pki_import_pubkey_file checks for OPENSSH_HEADER_BEGIN


On Sun, 2019-02-24 at 18:38 +0100, g4-lisz@xxxxxxxxxxxx wrote:
> ... which IMHO does not make much sense:
> 
> #define OPENSSH_HEADER_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----"
> 
> So if we import a public key this code block will never be used:
> 
>      /* Test for new OpenSSH key format first */
>     cmp = strncmp(key_buf, OPENSSH_HEADER_BEGIN,
>                   strlen(OPENSSH_HEADER_BEGIN));
>     if (cmp == 0) {
>         *pkey = ssh_pki_openssh_pubkey_import(key_buf);
>         SAFE_FREE(key_buf);
>         if (*pkey == NULL) {
>             SSH_LOG(SSH_LOG_WARN, "Failed to import public key from OpenSSH"
>                                   " private key file");
>             return SSH_ERROR;
>         }
>         return SSH_OK;
>     }
> 
> Or am I missing something here?

This code is used to import the public key from the OpenSSH private key
container [1]. This new format has the advantage that it has the public
key unencrypted, unlike the old PEM files, which can be handy.

[1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
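
An added example, not part of the original message and not libssh code: the layout in PROTOCOL.key [1] puts ciphername, kdfname, kdfoptions and the key count ahead of the public key blob, so the blob can be located with bounds-checked reads and no passphrase. The function names and the sample bytes are assumptions made for illustration, and the input is taken to be the already base64-decoded body between the BEGIN/END lines.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define AUTH_MAGIC "openssh-key-v1" /* sizeof() also counts the NUL that follows it */

/* Constructed sample (decoded body, dummy key bytes, encrypted section omitted). */
static const uint8_t SAMPLE[] =
    "openssh-key-v1\0" "\0\0\0\012" "aes256-ctr" "\0\0\0\006" "bcrypt"
    "\0\0\0\004" "KDFO" "\0\0\0\001"
    "\0\0\0\023" "\0\0\0\013" "ssh-ed25519" "\0\0\0\000";

/* Read a big-endian uint32, refusing to read past the end of the buffer. */
static int get_u32(const uint8_t *b, size_t len, size_t *off, uint32_t *v)
{
    if (*off > len || len - *off < 4) return -1;
    *v = (uint32_t)b[*off] << 24 | (uint32_t)b[*off + 1] << 16 |
         (uint32_t)b[*off + 2] << 8 | (uint32_t)b[*off + 3];
    *off += 4;
    return 0;
}

/* Read an SSH "string": uint32 length, then that many bytes. */
static int get_string(const uint8_t *b, size_t len, size_t *off,
                      const uint8_t **s, size_t *slen)
{
    uint32_t n;
    if (get_u32(b, len, off, &n) != 0 || n > len - *off) return -1;
    *s = b + *off;
    *slen = n;
    *off += n;
    return 0;
}

/* Hypothetical helper: locate publickey1. Returns 0, or -1 if malformed. */
int openssh_v1_first_pubkey(const uint8_t *b, size_t len, const uint8_t **pub,
                            size_t *publen, int *encrypted)
{
    const uint8_t *s;
    size_t slen, off = sizeof(AUTH_MAGIC);
    uint32_t nkeys;
    if (len < off || memcmp(b, AUTH_MAGIC, off) != 0) return -1;
    if (get_string(b, len, &off, &s, &slen) != 0) return -1;    /* ciphername */
    *encrypted = !(slen == 4 && memcmp(s, "none", 4) == 0);
    if (get_string(b, len, &off, &s, &slen) != 0) return -1;    /* kdfname */
    if (get_string(b, len, &off, &s, &slen) != 0) return -1;    /* kdfoptions */
    if (get_u32(b, len, &off, &nkeys) != 0 || nkeys < 1) return -1;
    return get_string(b, len, &off, pub, publen);               /* publickey1 */
}
```

The sample names aes256-ctr as its cipher, yet the public blob is still returned, because only the private section that follows it is encrypted.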

