x/crypto/ssh: add methods to marshal private keys to the OpenSSH format #37132

Open
maraino opened this issue Feb 8, 2020 · 14 comments
Labels
NeedsFix Proposal-Accepted Proposal-Crypto

maraino commented Feb 8, 2020

What version of Go are you using (go version)?

$ go version
go version go1.13.6 darwin/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

Applies to all OSes.

What did you do?

N/A

What did you expect to see?

N/A

What did you see instead?

N/A

Proposal

x/crypto/ssh now has methods to parse private keys using OpenSSH format, but there's no way to write those keys so they can be used by OpenSSH. My proposal is to add the following methods to the x/crypto/ssh package:

MarshalPrivateKey(key crypto.PrivateKey, comment string) (*pem.Block, error) 

MarshalPrivateKeyWithPassphrase(key crypto.PrivateKey, comment string, passphrase []byte) (*pem.Block, error)

OpenSSH supports the PKCS#1 and EC private keys, but only supports Ed25519 using the OpenSSH format, but newer versions are already using the new format for all types of keys.

I've already coded those methods and will push a contribution asap.
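For readers unfamiliar with the format under discussion, the following added example (not part of the original post, and not the code from the linked CL) writes an unencrypted Ed25519 key in the `openssh-key-v1` layout using only the Go standard library. The names `putString` and `marshalEd25519` are hypothetical, and passphrase encryption and other key types are out of scope here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"encoding/pem"
	"os"
)

// putString appends an SSH wire string: uint32 big-endian length, then bytes.
func putString(b *bytes.Buffer, s []byte) {
	binary.Write(b, binary.BigEndian, uint32(len(s)))
	b.Write(s)
}

// marshalEd25519 is a hypothetical helper (not the proposed x/crypto/ssh API)
// that encodes an unencrypted Ed25519 key as openssh-key-v1.
func marshalEd25519(key ed25519.PrivateKey, comment string) *pem.Block {
	pub := key.Public().(ed25519.PublicKey)
	var pubBlob, priv, out bytes.Buffer
	putString(&pubBlob, []byte("ssh-ed25519"))
	putString(&pubBlob, pub)
	// One random uint32 written twice; readers compare the copies after decryption.
	check := make([]byte, 4)
	rand.Read(check)
	priv.Write(bytes.Repeat(check, 2))
	putString(&priv, []byte("ssh-ed25519"))
	putString(&priv, pub)
	putString(&priv, key) // 64 bytes: seed followed by public key
	putString(&priv, []byte(comment))
	for i := byte(1); priv.Len()%8 != 0; i++ { // pad 1,2,3,... to block size 8
		priv.WriteByte(i)
	}
	out.WriteString("openssh-key-v1\x00")           // magic
	putString(&out, []byte("none"))                 // cipher name
	putString(&out, []byte("none"))                 // KDF name
	putString(&out, nil)                            // KDF options (empty)
	binary.Write(&out, binary.BigEndian, uint32(1)) // number of keys
	putString(&out, pubBlob.Bytes())
	putString(&out, priv.Bytes())
	return &pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: out.Bytes()}
}

func main() {
	_, key, _ := ed25519.GenerateKey(rand.Reader) // constructed sample key
	pem.Encode(os.Stdout, marshalEd25519(key, "example@host"))
}
```

The output is an unencrypted private key, so anything that writes it to disk should create the file with owner-only permissions (0600).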

@gopherbot gopherbot added this to the Proposal milestone Feb 8, 2020
gopherbot commented Feb 8, 2020

Change https://golang.org/cl/218620 mentions this issue: ssh: support for marshaling keys using the OpenSSH format

@FiloSottile FiloSottile added the Proposal-Crypto label Feb 11, 2020
FiloSottile (Contributor) commented Feb 11, 2020

Looks good to me. Returning a *pem.Block seems like a good compromise between returning PEM encoded []byte, which is weird, and being consistent with the parsing function, which takes PEM.

@rsc rsc added this to Active in Proposals Feb 12, 2020
rsc (Contributor) commented Feb 12, 2020

Will add to the proposal minutes. Seems headed for likely accept.

rsc (Contributor) commented Feb 26, 2020

Based on the discussion above, seems like a likely accept.

@rsc rsc moved this from Active to Likely Accept in Proposals Feb 26, 2020
@rsc rsc changed the title proposal: x/crypto/ssh: add methods to marshal private keys to the OpenSSH format proposal: x/crypto/ssh: add methods to marshal private keys to the OpenSSH format Feb 26, 2020
rsc (Contributor) commented Mar 4, 2020

No change in consensus, so accepted.

@rsc rsc moved this from Likely Accept to Accepted in Proposals Mar 4, 2020
@rsc rsc removed this from the Proposal milestone Mar 4, 2020
@rsc rsc added this to the Backlog milestone Mar 4, 2020
@rsc rsc changed the title proposal: x/crypto/ssh: add methods to marshal private keys to the OpenSSH format x/crypto/ssh: add methods to marshal private keys to the OpenSSH format Mar 4, 2020
@rsc rsc removed this from the Backlog milestone Mar 4, 2020
@rsc rsc added this to the Unreleased milestone Mar 4, 2020
@FiloSottile FiloSottile added NeedsFix and removed Proposal labels Mar 4, 2020
maraino (Author) commented Mar 24, 2020

@FiloSottile @katiehockman I'm not sure why the label NeedsFix is set, I proposed a change when I created the proposal https://golang.org/cl/218620

FiloSottile (Contributor) commented Mar 24, 2020

That label simply means it's ready for a CL. It's usually the terminal state for issues before getting closed. (I did however not notice the CL when I assigned the issue to @katiehockman.)

owenthereal commented May 28, 2021

👋 Checking to see if any progress has been made. I have been using https://github.com/mikesmitty/edkey & https://pkg.go.dev/github.com/ScaleFT/sshkeys?utm_source=godoc#Marshal to marshal ED25519 private key into the OpenSSH private key format. It would be nice if this were supported in the Go stdlib.

cespare (Contributor) commented Sep 8, 2021

We need this as well. It's necessary if you want to generate an Ed25519 key pair with Go code that OpenSSH will use.

@FiloSottile this open CL has been unreviewed for 18 months. Can you please take a look or assign someone else to review it?

Would it speed things up if I did a round of CR?

mpls commented Feb 1, 2022

Can I know the current progress?

detro commented Feb 17, 2022

I have been using https://github.com/mikesmitty/edkey & https://pkg.go.dev/github.com/ScaleFT/sshkeys?utm_source=godoc#Marshal to marshal ED25519 private key into the OpenSSH private key format...

I'm currently investigating using the same for a new feature for the terraform-provider-tls that ships with Terraform (hashicorp/terraform-provider-tls#150), and the Vault project just fixed marshalling ED25519 keys to OpenSSH format (hashicorp/vault#14101).

It would be really nice (and probably safer, because of larger exposure) to support marshalling private keys in OpenSSH format in x/crypto/ssh.

cespare (Contributor) commented May 25, 2022

This is an approved proposal with a CL that has been waiting for review for more than two years.

detro commented May 25, 2022

The way I solved it for Terraform's TLS Provider is to keep a copy of the functions added with this proposal.

Of course, wildly suboptimal.

caarlos0 (Contributor) commented May 25, 2022

fwiw I copied that CL into a package if anyone else needs it: https://github.com/caarlos0/sshmarshal
