x/crypto/ssh: add methods to marshal private keys to the OpenSSH format #37132

Open
maraino opened this issue Feb 8, 2020 · 7 comments

@maraino maraino commented Feb 8, 2020

What version of Go are you using (go version)?

```
$ go version
go version go1.13.6 darwin/amd64
```

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

Applies to all OSes.

What did you do?

N/A

What did you expect to see?

N/A

What did you see instead?

N/A

Proposal

x/crypto/ssh now has methods to parse private keys using OpenSSH format, but there's no way to write those keys so they can be used by OpenSSH. My proposal is to add the following methods to the x/crypto/ssh package:

```go
MarshalPrivateKey(key crypto.PrivateKey, comment string) (*pem.Block, error)

MarshalPrivateKeyWithPassphrase(key crypto.PrivateKey, comment string, passphrase []byte) (*pem.Block, error)
```

OpenSSH supports PKCS#1 and EC private keys, but it only supports Ed25519 using the OpenSSH format, and newer versions are already using the new format for all types of keys.

I've already coded those methods and will push a contribution asap.

@gopherbot gopherbot added this to the Proposal milestone Feb 8, 2020
@gopherbot gopherbot added the Proposal label Feb 8, 2020
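
For readers who want to see what "the OpenSSH format" in this proposal contains, here is an added example that is not part of the issue and is not the code from the linked CL. It uses only the standard library to build the unencrypted `openssh-key-v1` container for a single Ed25519 key, following the layout in OpenSSH's PROTOCOL.key document; the names `putStrings` and `marshalEd25519OpenSSH` are hypothetical, and passphrase protection and other key types are out of scope.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

// putStrings appends each field as an SSH wire string: uint32 length, then bytes.
func putStrings(b *bytes.Buffer, fields ...[]byte) {
	for _, f := range fields {
		binary.Write(b, binary.BigEndian, uint32(len(f)))
		b.Write(f)
	}
}

// marshalEd25519OpenSSH (hypothetical name) emits an unencrypted openssh-key-v1 block.
func marshalEd25519OpenSSH(key ed25519.PrivateKey, comment string) (*pem.Block, error) {
	if len(key) != ed25519.PrivateKeySize {
		return nil, fmt.Errorf("ed25519: bad private key length %d", len(key))
	}
	var check [4]byte // random value stored twice; parsers reject the key if the copies differ
	if _, err := rand.Read(check[:]); err != nil {
		return nil, err
	}
	kt, pub := []byte("ssh-ed25519"), []byte(key.Public().(ed25519.PublicKey))
	var pubBlob, priv, out bytes.Buffer
	putStrings(&pubBlob, kt, pub)
	priv.Write(append(check[:], check[:]...))
	putStrings(&priv, kt, pub, key, []byte(comment)) // key is 64 bytes: seed || public key
	for i := byte(1); priv.Len()%8 != 0; i++ {       // pad 1,2,3,... to the 8-byte block size of cipher "none"
		priv.WriteByte(i)
	}
	out.WriteString("openssh-key-v1\x00")                 // magic
	putStrings(&out, []byte("none"), []byte("none"), nil) // cipher, KDF, empty KDF options
	binary.Write(&out, binary.BigEndian, uint32(1))       // number of keys
	putStrings(&out, pubBlob.Bytes(), priv.Bytes())
	return &pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: out.Bytes()}, nil
}

func main() {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // constructed throwaway key
	if blk, err := marshalEd25519OpenSSH(key, "constructed@example"); err == nil {
		fmt.Print(string(pem.EncodeToMemory(blk)))
	}
}
```

The PEM this produces holds the private key in the clear, so a file written from it needs owner-only permissions (0600), which `ssh` also requires before it will load an identity file.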

@gopherbot gopherbot commented Feb 8, 2020

Change https://golang.org/cl/218620 mentions this issue: ssh: support for marshaling keys using the OpenSSH format

Member

@FiloSottile FiloSottile commented Feb 11, 2020

Looks good to me. Returning a *pem.Block seems like a good compromise between returning PEM encoded []byte, which is weird, and being consistent with the parsing function, which takes PEM.

@rsc rsc added this to Active in Proposals Feb 12, 2020
Contributor

@rsc rsc commented Feb 12, 2020

Will add to the proposal minutes. Seems headed for likely accept.

Contributor

@rsc rsc commented Feb 26, 2020

Based on the discussion above, seems like a likely accept.

@rsc rsc moved this from Active to Likely Accept in Proposals Feb 26, 2020
@rsc rsc changed the title proposal: x/crypto/ssh: add methods to marshal private keys to the OpenSSH format proposal: x/crypto/ssh: add methods to marshal private keys to the OpenSSH format Feb 26, 2020
Contributor

@rsc rsc commented Mar 4, 2020

No change in consensus, so accepted.

@rsc rsc moved this from Likely Accept to Accepted in Proposals Mar 4, 2020
@rsc rsc modified the milestones: Proposal, Backlog Mar 4, 2020
@rsc rsc changed the title proposal: x/crypto/ssh: add methods to marshal private keys to the OpenSSH format x/crypto/ssh: add methods to marshal private keys to the OpenSSH format Mar 4, 2020
@rsc rsc modified the milestones: Backlog, Unreleased Mar 4, 2020
@FiloSottile FiloSottile added NeedsFix and removed Proposal labels Mar 4, 2020
Author

@maraino maraino commented Mar 24, 2020

@FiloSottile @katiehockman I'm not sure why the label NeedsFix is set; I proposed a change when I created the proposal: https://golang.org/cl/218620

Member

@FiloSottile FiloSottile commented Mar 24, 2020

That label simply means it's ready for a CL. It's usually the terminal state for issues before getting closed. (I did however not notice the CL when I assigned the issue to @katiehockman.)
