Re: ssh_pki_import_pubkey_file checks for OPENSSH_HEADER_BEGIN
- Subject: Re: ssh_pki_import_pubkey_file checks for OPENSSH_HEADER_BEGIN
- From: g4-lisz@xxxxxxxxxxxx
- Reply-to: libssh@xxxxxxxxxx
- Date: Mon, 25 Feb 2019 11:56:15 +0100
- To: libssh@xxxxxxxxxx
On 25.02.19 09:57, Jakub Jelen wrote:
> On Sun, 2019-02-24 at 18:38 +0100, g4-lisz@xxxxxxxxxxxx wrote:
>> ... which IMHO does not make much sense:
>>
>> #define OPENSSH_HEADER_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----"
>>
>> So if we import a public key this code block will never be used:
>>
>> /* Test for new OpenSSH key format first */
>> cmp = strncmp(key_buf, OPENSSH_HEADER_BEGIN,
>>               strlen(OPENSSH_HEADER_BEGIN));
>> if (cmp == 0) {
>>     *pkey = ssh_pki_openssh_pubkey_import(key_buf);
>>     SAFE_FREE(key_buf);
>>     if (*pkey == NULL) {
>>         SSH_LOG(SSH_LOG_WARN, "Failed to import public key from OpenSSH"
>>                               " private key file");
>>         return SSH_ERROR;
>>     }
>>     return SSH_OK;
>> }
>>
>> Or am I missing something here?
> This code is used to import a public key from the OpenSSH private key
> container [1]. This new format has the advantage that it has the public
> key unencrypted, unlike the old PEM files, which can be handy.
>
> [1] https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD
Thank you for the explanation. Actually it's clear when I read the
warning log on failure... But I couldn't find any key sample which
starts with BEGIN OPENSSH PRIVATE KEY but also contains a public key.
Cheers,
Till
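The container layout described in [1], as an added example that is not part of the original thread or of libssh's code: a bounds-checked C parser that locates the first public key blob in the base64-decoded body of an `openssh-key-v1` file, showing that it precedes the encrypted private section. The function name `openssh_v1_first_pubkey` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define AUTH_MAGIC "openssh-key-v1" /* stored with its trailing NUL */

/* Constructed sample: container body after base64 decoding, placeholder contents. */
static const uint8_t sample[] =
    "openssh-key-v1\0"
    "\0\0\0\012" "aes256-ctr"   /* ciphername: private section is encrypted */
    "\0\0\0\006" "bcrypt"       /* kdfname */
    "\0\0\0\004" "OPTS"         /* kdfoptions (placeholder bytes) */
    "\0\0\0\001"                /* number of keys */
    "\0\0\0\007" "PUBBLOB"      /* publickey1 (placeholder bytes) */
    "\0\0\0\010" "XXXXXXXX";    /* encrypted private key list (placeholder) */

/* Read one SSH string: uint32 big-endian length, then that many bytes. */
static int get_string(const uint8_t **p, size_t *left, const uint8_t **s, size_t *slen)
{
    uint32_t n;
    if (*left < 4) return -1;
    n = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) | ((uint32_t)(*p)[2] << 8) | (*p)[3];
    if (n > *left - 4) return -1;          /* length runs past the buffer */
    *s = *p + 4; *slen = n;
    *p += 4 + (size_t)n; *left -= 4 + (size_t)n;
    return 0;
}

/* Find the first public key blob; *encrypted is 1 unless ciphername is "none". */
int openssh_v1_first_pubkey(const uint8_t *buf, size_t len, const uint8_t **pub, size_t *publen, int *encrypted)
{
    const uint8_t *p = buf, *s;
    size_t left = len, slen, mlen = sizeof(AUTH_MAGIC);
    if (left < mlen || memcmp(p, AUTH_MAGIC, mlen) != 0) return -1;
    p += mlen; left -= mlen;
    if (get_string(&p, &left, &s, &slen) != 0) return -1;        /* ciphername */
    *encrypted = !(slen == 4 && memcmp(s, "none", 4) == 0);
    if (get_string(&p, &left, &s, &slen) != 0) return -1;        /* kdfname */
    if (get_string(&p, &left, &s, &slen) != 0) return -1;        /* kdfoptions */
    if (left < 4 || (p[0] | p[1] | p[2] | p[3]) == 0) return -1; /* N >= 1 */
    p += 4; left -= 4;
    return get_string(&p, &left, pub, publen);                   /* publickey1 */
}

int main(void)
{
    const uint8_t *pub; size_t n; int enc;
    if (openssh_v1_first_pubkey(sample, sizeof(sample) - 1, &pub, &n, &enc) != 0) return 1;
    printf("encrypted=%d, public key blob of %zu bytes readable without passphrase\n", enc, n);
    return 0;
}
```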