New Format Keys are unsupported #11

Closed
kousu opened this issue Mar 1, 2019 · 1 comment
kousu commented Mar 1, 2019

OpenSSH has a new format. Its spec is here. It can encode any type of key openssh supports, but in

bcrypto/lib/ssh.js

Lines 520 to 522 in 934f5ea

case keyTypes.ED25519: {
  block.type = 'OPENSSH PRIVATE KEY';
  break;

and in

bcrypto/lib/ssh.js

Lines 610 to 612 in 934f5ea

case 'OPENSSH PRIVATE KEY': { // OpenSSH format
  return this.decodeSSH(block.data, passwd);
}

which calls

bcrypto/lib/ssh.js

Lines 423 to 424 in 934f5ea

if (rawKey.type !== keyTypes.ED25519)
  throw new Error('Invalid key.');

bcrypto is silently assuming that "OPENSSH PRIVATE KEY" <=> ED25519 key. And this isn't true. In fact, recent ssh-keygen now puts all keys in "OPENSSH PRIVATE KEY" format, regardless of the type of key. I've tested on Mac OS Mojave (OpenSSH_7.9p1, LibreSSL 2.7.3) and ArchLinux (OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018) and been bitten by this. On the other hand, Debian stable still uses OpenSSH_7.4p1 Debian-10+deb9u5, OpenSSL 1.0.2r 26 Feb 2019, and that defaults RSA keys to the old style, which is compatible with bcrypto.
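Added example, not part of the issue and not bcrypto's code: reading the key type from the container itself instead of inferring it from the PEM label. The field order follows OpenSSH's PROTOCOL.key; the function names are hypothetical, and the sample container is constructed and holds no real key material.

```javascript
'use strict';
// Every openssh-key-v1 container starts with this magic, NUL included.
const MAGIC = Buffer.from('openssh-key-v1\0', 'latin1');

// SSH "string": uint32 big-endian length, then that many bytes.
function readString(buf, off) {
  if (off + 4 > buf.length) throw new Error('Truncated length.');
  const end = off + 4 + buf.readUInt32BE(off);
  if (end > buf.length) throw new Error('Truncated string.');
  return { value: buf.subarray(off + 4, end), next: end };
}

// data: base64-decoded body of an "OPENSSH PRIVATE KEY" PEM block.
// The public key blob is stored unencrypted, so the key type is readable
// without the passphrase even when the private section is encrypted.
function inspectOpenSSHKey(data) {
  if (!data.subarray(0, MAGIC.length).equals(MAGIC))
    throw new Error('Not an openssh-key-v1 container.');
  const cipher = readString(data, MAGIC.length);
  const kdf = readString(data, cipher.next);
  const kdfOpts = readString(data, kdf.next);
  if (kdfOpts.next + 4 > data.length) throw new Error('Truncated key count.');
  if (data.readUInt32BE(kdfOpts.next) < 1) throw new Error('No keys.');
  const pub = readString(data, kdfOpts.next + 4);
  const type = readString(pub.value, 0); // first field of the public blob
  const cipherName = cipher.value.toString('ascii');
  return {
    keyType: type.value.toString('ascii'),
    cipher: cipherName,
    kdf: kdf.value.toString('ascii'),
    encrypted: cipherName !== 'none'
  };
}

// Constructed sample input below: a header with a stub public blob, no real key.
function sshString(s) {
  const body = Buffer.isBuffer(s) ? s : Buffer.from(s, 'latin1');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(body.length);
  return Buffer.concat([len, body]);
}

function sampleContainer(keyType) {
  const pub = Buffer.concat([sshString(keyType), sshString('\x01\x00\x01')]);
  return Buffer.concat([MAGIC, sshString('none'), sshString('none'),
    sshString(''), Buffer.from([0, 0, 0, 1]), sshString(pub), sshString('')]);
}

console.log(inspectOpenSSHKey(sampleContainer('ssh-rsa')));
```

A decoder that dispatches on `keyType` from this header can reject unsupported types with a specific message rather than a generic 'Invalid key.'.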


kousu commented Mar 2, 2019

For anyone who is stumped by this and needs a workaround until a patch gets written, you can use with any private key.

ssh-keygen -p -m PEM -f ~/.ssh/id_rsa

but beware this:

  • will ask you to change the password on the key (you can just reset it to the same one)
  • is in-place and therefore destructive; in theory you can change back to the other format after, but be careful.

@kousu kousu changed the title New format ssh keys New Format Keys are unsupported Mar 2, 2019
@chjj chjj closed this as completed in 9b0cf70 Mar 12, 2019