dlech / KeeAgent

ssh agent plugin for KeePass 2.x
http://lechnology.com/software/keeagent

Error loading key from attachment - PuTTY PPK v3 format #316

Closed rucksman closed 2 years ago

rucksman commented 3 years ago

I have been using KeePass/KeeAgent for a long time with no problems. Today I created a new key for a new VPS, and for the first time I have problems.

I created the key as usual with PuTTYgen (ECDSA, nistp521). I attached the ppk file to the respective entry in KeePass. Then in "Private Key File Location" I select this file with "Attachment". Under "Key Info" there is this error message in the "Comment" field: Error loading key from attachment

Is this a problem with the ECDSA key? This is the first time with an ECDSA key; before that I used RSA keys without a problem. But the key itself looks ok, it has the same structure as the RSA key.

dlech commented 3 years ago

PuTTY has probably added a new algorithm that isn't supported yet.

rucksman commented 3 years ago

Tried it with an RSA key as well, same result. Also when going to "Tools" - "KeeAgent" - "Add ..." I get errors, for ECDSA and RSA as well.

rucksman commented 3 years ago

Found it. Changelog for PuTTY 0.75: Upgraded private key file format to PPK3, with improved passphrase hashing and no use of SHA-1

After setting "Key" - "Parameters for saving key files ..." - "PPK file version" in PuTTYgen to "2" it works again.

dlech commented 3 years ago

I think we should support this new format as well.

tho-gru commented 3 years ago

Hi,

PuTTYgen version 0.74 creates a private key file like this:

PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: test-0.74
Public-Lines: 6
AAAAB3NzaC1yc2EAAAABJQAAAQEAuRcVde4n54qd7Ahy4DaqEgyZKRQZx5VjCRq5
qpku1lPPVIyEvWR/8qDtRiFsM1irITxHuTNgrronIlcY40YDhYLuT3smLKPc0IQ6
NKJOdRW7rhRTPSnq+U3IrJHHZgabpY3NeiNtBM0iImDd1Tl0gfg0sHBHTsuYPkqa
MYNTOnjw9siPqDsw1Kn/H115InJvCqgFbpRtxrxoVzpoB9l35RgbZFGLMAaoqp7y
laYb5buICCgEr2HuD0U8F2mwvZ6WBUZge0CxVVzbNrXvaqBxjxXPUqqvxH0jyVQU
YgxJSswPLxf05XrYJ7JHWdCRmzs4cWnqhKmLDpvmMkHo9sKsvQ==
Private-Lines: 14
[14 private lines omitted from the post]
Private-MAC: 7e03ad8a54cdd862e6cf457ab04722ad5cd29e5f

The file created by PuTTYgen version 0.75 looks like this:

PuTTY-User-Key-File-3: ssh-rsa
Encryption: aes256-cbc
Comment: test-0.75
Public-Lines: 6
AAAAB3NzaC1yc2EAAAADAQABAAABAQDpmVVpHP+mSkL8CeS0TQBOYDqpPztT8K4K
u3hrj9sgu2Cz4JUpaZbu9557v10Mh+3ugtfHyKXrVh0RAbUolkYihcJ4NJEnGYc3
TitGtzfDGgVUv3aiJtbMjwvqvewIrvD0wlM8daXItgMIZ27MQ7Pdr6Pdi59pmgqV
CY5fj1tUkSI9Ac8KL6kOMY6axPPPGuXlxiCZgHkOOs2r1CQcsVShGZMZ3HrFt2dZ
3zXL0PIEZpZbg9MQaq8/Sec56wTpGtvE+a7Vq9x0uyWxah1xZ8RRsyCMW96TjMS9
X5l58nBlcC+Lo+FbhUy3TjLIZyX/UiKsG+jspBQv0jvsu0wO+nBp
Key-Derivation: Argon2id
Argon2-Memory: 8192
Argon2-Passes: 21
Argon2-Parallelism: 1
Argon2-Salt: be40a0907d9a5db663cee37e84d56345
Private-Lines: 14
[14 private lines omitted from the post]
Private-MAC: 1919cf61a3ca3bf3d011e2c0f794b0d4b4873602125644e876e3d599d972c96d

Kind Regards, Thomas

ezekielnewren commented 2 years ago

Where is the code that loads the putty key files? I'd like to make a pull request to handle the ppkv3 format.

ezekielnewren commented 2 years ago

I need a C# implementation of Argon2. The NuGet packages Konscious.Security.Cryptography.Argon2, Isopoh.Cryptography.Argon2, Argon2.Bindings, Argon2.NetCore aren't compatible with the project.

Liphsoft.Crypto.Argon2 is compatible, but I don't know how to generate a plgx file if I'm including a nuget package because I thought that you needed the source code for all dependencies in order to do that.

dlech commented 2 years ago

The .plgx can include .dll files. See here for how to include the .dll from the Argon2 package in the .plgx.

ezekielnewren commented 2 years ago

It looks like Liphsoft.Crypto.Argon2 does not support Argon2id and doesn't seem to be actively maintained anymore. Would there be any problems with changing the KeeAgent framework to version .NETFramework 4.6? That would allow me to use Konscious.Security.Cryptography.Argon2 which worked in my standalone project for reading, writing and generating ppkv3 files both the encrypted and decrypted versions.

dlech commented 2 years ago

.NET 4.6 should be fine.

ezekielnewren commented 2 years ago

I've created a pull request for SshAgentLib and KeeAgent to support ppkv3 files.

A change I made that might trip people up is trying to load an unprotected key file while specifying a passphrase. If the private key is unencrypted/unprotected, make sure the password field is empty in the password entry.
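The two header layouts posted above and the "unprotected key with a passphrase" rule in this comment are the checks a loader has to make before it ever touches Argon2 or AES. The following is an added example in Python, not KeeAgent or SshAgentLib code: it parses a PPK v2 or v3 header, extracts the Argon2 parameters from a v3 file, checks that the Private-MAC length matches the version (40 hex digits for v2's HMAC-SHA-1, 64 for v3's HMAC-SHA-256), and refuses the passphrase/encryption mismatches described in the thread. The sample files are constructed (real header layout, dummy base64, salt and MAC bodies), and the passphrase rule is modelled on the behaviour this comment describes, not copied from the pull request.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Key-Derivation values PuTTY 0.75 can write (Argon2id is its default)
ARGON2_VARIANTS = {"Argon2id", "Argon2i", "Argon2d"}
# Private-MAC length in hex digits: v2 is HMAC-SHA-1, v3 is HMAC-SHA-256
MAC_HEX_LEN = {2: 40, 3: 64}


class PpkError(ValueError):
    """Anything a loader should refuse before attempting decryption."""


@dataclass
class PpkHeader:
    version: int
    key_type: str
    encryption: str
    comment: str
    public_lines: List[str]
    private_lines: List[str]
    mac_hex: str
    argon2: Dict[str, str] = field(default_factory=dict)

    @property
    def encrypted(self) -> bool:
        return self.encryption != "none"

    def argon2_params(self) -> Tuple[str, int, int, int, bytes]:
        """Typed (variant, memory_kib, passes, parallelism, salt) from a v3 header."""
        try:
            variant = self.argon2["Key-Derivation"]
            mem = int(self.argon2["Argon2-Memory"])
            passes = int(self.argon2["Argon2-Passes"])
            par = int(self.argon2["Argon2-Parallelism"])
            salt = bytes.fromhex(self.argon2["Argon2-Salt"])
        except (KeyError, ValueError) as exc:
            raise PpkError(f"missing or malformed Argon2 parameter: {exc}") from exc
        if variant not in ARGON2_VARIANTS:
            raise PpkError(f"unknown key derivation {variant!r}")
        if min(mem, passes, par) < 1 or not salt:
            raise PpkError("Argon2 parameters must be positive and the salt non-empty")
        return variant, mem, passes, par, salt


def parse_ppk(text: str, passphrase: Optional[str] = None) -> PpkHeader:
    """Parse a PPK v2/v3 header and apply the loader's sanity checks."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    m = re.match(r"PuTTY-User-Key-File-(\d+): (\S+)$", lines[0] if lines else "")
    if not m:
        raise PpkError("not a PuTTY private key file")
    version, key_type = int(m.group(1)), m.group(2)
    if version not in MAC_HEX_LEN:
        raise PpkError(f"unsupported PPK version {version}")
    fields: Dict[str, str] = {}
    blocks: Dict[str, List[str]] = {"Public-Lines": [], "Private-Lines": []}
    i = 1
    while i < len(lines):
        name, sep, value = lines[i].partition(": ")
        if not sep:
            raise PpkError(f"malformed header line {lines[i]!r}")
        if name in blocks:
            count = int(value)  # number of base64 lines that follow this field
            blocks[name] = lines[i + 1 : i + 1 + count]
            if len(blocks[name]) != count:
                raise PpkError(f"{name} announces {count} lines but the file is truncated")
            i += 1 + count
        else:
            fields[name] = value
            i += 1
    hdr = PpkHeader(version, key_type, fields.get("Encryption", ""), fields.get("Comment", ""),
                    blocks["Public-Lines"], blocks["Private-Lines"], fields.get("Private-MAC", ""),
                    {k: v for k, v in fields.items() if k == "Key-Derivation" or k.startswith("Argon2-")})
    if hdr.encryption not in ("none", "aes256-cbc"):
        raise PpkError(f"unsupported Encryption {hdr.encryption!r}")
    if not hdr.public_lines or not hdr.private_lines:
        raise PpkError("Public-Lines and Private-Lines are both required")
    if not re.fullmatch(r"[0-9a-f]{%d}" % MAC_HEX_LEN[version], hdr.mac_hex):
        raise PpkError(f"Private-MAC must be {MAC_HEX_LEN[version]} hex digits for PPK v{version}")
    if version == 2 and hdr.argon2:
        raise PpkError("Argon2 fields are only valid in PPK v3")
    if version == 3 and hdr.encrypted:
        hdr.argon2_params()  # raises PpkError if the KDF block is unusable
    # Passphrase rule modelled on the PR behaviour described in the thread (assumption):
    # an unprotected key must be loaded with an empty passphrase, an encrypted one needs one.
    if hdr.encrypted and not passphrase:
        raise PpkError("key is encrypted: a passphrase is required")
    if not hdr.encrypted and passphrase:
        raise PpkError("key is not encrypted: leave the passphrase empty")
    return hdr


def load_error(text: str, passphrase: Optional[str] = None) -> Optional[str]:
    """Rejection message for a file, or None if it passes the header checks."""
    try:
        parse_ppk(text, passphrase)
        return None
    except PpkError as exc:
        return str(exc)


# Constructed samples: header layout follows the thread, base64/MAC/salt bodies are dummies.
SAMPLE_V2 = (
    "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\nComment: constructed-v2\n"
    "Public-Lines: 1\nAAAAB3NzaC1yc2EAAAABJQAAAQEAuRcVde4n54qd7Ahy4DaqEgyZKRQZx5VjCRq5\n"
    "Private-Lines: 1\nQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB\n"
    "Private-MAC: " + "0" * 40 + "\n"
)
SAMPLE_V3 = (
    "PuTTY-User-Key-File-3: ssh-rsa\nEncryption: aes256-cbc\nComment: constructed-v3\n"
    "Public-Lines: 1\nAAAAB3NzaC1yc2EAAAADAQABAAABAQDpmVVpHP+mSkL8CeS0TQBOYDqpPztT8K4K\n"
    "Key-Derivation: Argon2id\nArgon2-Memory: 8192\nArgon2-Passes: 21\nArgon2-Parallelism: 1\n"
    "Argon2-Salt: " + "00" * 16 + "\n"
    "Private-Lines: 1\nQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB\n"
    "Private-MAC: " + "0" * 64 + "\n"
)
```

Running `parse_ppk(SAMPLE_V3, "passphrase").argon2_params()` returns the Argon2id parameters a loader would hand to its Argon2 implementation, while `load_error(SAMPLE_V2, "stray")` reports the unencrypted-key-with-passphrase case from this comment instead of silently ignoring the passphrase. The MAC itself is not verified here: for v2 that needs SHA-1 over the passphrase and for v3 the Argon2 output, which is exactly the dependency discussed further down the thread.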

ezekielnewren commented 2 years ago

Oops, I forgot something critical. I didn't update the KeeAgent.csproj file to include the Konscious.Security.Cryptography.Argon2 DLLs. But I already created the pull request; should I cancel the pull request, make the changes and then create a new pull request? Or have you deal with the pull request and then add 2 lines to the csproj to make it work?

ghost commented 2 years ago

Oops, I forgot something critical. I didn't update the KeeAgent.csproj file to include the Konscious.Security.Cryptography.Argon2 DLLs. But I already created the pull request; should I cancel the pull request, make the changes and then create a new pull request? Or have you deal with the pull request and then add 2 lines to the csproj to make it work?

If you create a new commit on your branch for the PR, it'll be included in the pull request automatically.

ezekielnewren commented 2 years ago

Ah, thank you @whalehub. I committed and pushed those 2 lines. I still can't get the plgx file to work with the official KeePass versions though. It seems to only work for whatever custom binary @dlech uses for development.

ezekielnewren commented 2 years ago

I redid everything and made the minimal changes necessary to implement ppkv3 support. I still don't know how to get the plgx file to work.

ezekielnewren commented 2 years ago

I got the plgx file to work. I needed to add System.Numerics.Vectors.dll to the csproj file too and then it worked.

ezekielnewren commented 2 years ago

Anyone who's eager to try KeeAgent with PPKv3 support can download it here. This links to a pre-release of the development version that I've been working with, and will be destroyed if/when the ppkv3 pull request gets merged.

aluchuk commented 2 years ago

This may be related: AES-128-CBC keys created with ssh-keygen on a Linux system exhibit the same behavior.

MarviMcFly commented 2 years ago

Are there any plans for a next official release version?

dlech commented 2 years ago

This may be related: AES-128-CBC keys created with ssh-keygen on a Linux system exhibit the same behavior.

Can you start a new issue and attach a key to reproduce this problem? Or there may be an existing issue already for new openssh formats.

dlech commented 2 years ago

Are there any plans for a next official release version?

I will try to do a beta release in the next few days. In the meantime, there are now CI builds. Please try the .plgx from https://github.com/dlech/KeeAgent/actions/runs/1665388970

MarviMcFly commented 2 years ago

@dlech Thanks for the quick response and sorry for the delay! Unfortunately the CI build isn't working for me. Once I unlock the database, KeePass (2.48.1) stops responding. The build from @ezekielnewren (see below the quote) is working.

Anyone who's eager to try KeeAgent with PPKv3 support can download it here. This links to a pre-release of the development version that I've been working with, and will be destroyed if/when the ppkv3 pull request gets merged.

If I can help with anything please let me know!

dlech commented 2 years ago

Can you please give the exact steps needed to reproduce the problem?

jetpackguy commented 2 years ago

I have tried v0.12.2-rc1. It works with new ppkv3 files, but loading a key and providing it to an external application (PuTTY in my case) is uncomfortably slow. I have tested with the very same key generated by PuTTYgen and saved with the default settings (now ppkv3) and with forced ppkv2. With the ppkv2 file everything works instantly. KeePass 2.50 (64-bit), Windows 10 21H2

dlech commented 2 years ago

https://github.com/dlech/KeeAgent/releases/tag/v0.13.1 has been released with support for ppk v3.