You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
bcrypto is silently assuming that "OPENSSH PRIVATE KEY" <=> ED25519 key. And this isn't true. In fact, recent ssh-keygen now puts all keys in "OPENSSH PRIVATE KEY" format, regardless of the type of key. I've tested on Mac OS Mojave (OpenSSH_7.9p1, LibreSSL 2.7.3) and ArchLinux (OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018) and been bitten by this. On the other hand, Debian stable still uses OpenSSH_7.4p1 Debian-10+deb9u5, OpenSSL 1.0.2r 26 Feb 2019, and that defaults RSA keys to the old style, which is compatible with bcrypto.
The text was updated successfully, but these errors were encountered:
OpenSSH has a new format. Its spec is here. It can encode any type of key openssh supports, but in
bcrypto/lib/ssh.js
Lines 520 to 522 in 934f5ea
and in
bcrypto/lib/ssh.js
Lines 610 to 612 in 934f5ea
which calls
bcrypto/lib/ssh.js
Lines 423 to 424 in 934f5ea
bcrypto
is silently assuming that "OPENSSH PRIVATE KEY" <=> ED25519 key. And this isn't true. In fact, recentssh-keygen
now puts all keys in "OPENSSH PRIVATE KEY" format, regardless of the type of key. I've tested on Mac OS Mojave (OpenSSH_7.9p1, LibreSSL 2.7.3) and ArchLinux (OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018) and been bitten by this. On the other hand, Debian stable still uses OpenSSH_7.4p1 Debian-10+deb9u5, OpenSSL 1.0.2r 26 Feb 2019, and that defaults RSA keys to the old style, which is compatible withbcrypto
.The text was updated successfully, but these errors were encountered: