Open dolmen opened 6 years ago
@dolmen Awesome work, brother! (Sorry if this is a bit off topic)
I saw this issue and was thinking of maybe putting together a pull request in the near future; so I was doing a bit of homework. Ed25519 seems to be the best option for an SSH key right now.
Main Reference Additional Reference
I've tested it and am able to confirm that Ed25519 works correctly. You can test with github-keygen -t ed25519...; so perhaps the next logical step would be to move in this direction?
Also, it's worth noting that Ed25519 keys are only compatible with the new key format, so -o wouldn't be needed.
I've not yet switched to ed25519 because I have for a long time wanted to keep github-keygen working with the old OpenSSH version bundled with msysgit. I should now check the version of OpenSSH bundled with git-for-Windows.
Another reference about migration to Ed25519: https://medium.com/risan/upgrade-your-ssh-key-to-ed25519-c6e8d60d3c54
Because the PEM format is insecure. https://latacora.singles/2018/08/03/the-default-openssh.html
So detect if private keys use the old format and migrate them (use ssh-keygen -o).
Related: #41, #7
See also this old blog post (pre -o option): http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
Also: https://blog.g3rt.nl/upgrade-your-ssh-keys.html
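One way to do the detection step the issue asks for, as an added example that is not github-keygen's own code: classify each private key by its first line and list the ones still in the old PEM format. The function names and the printed hint are assumptions of this example; `-p` rewrites an existing key file in place and `-f` names it, combined with the `-o` mentioned above.

```shell
#!/bin/sh
# Added example: classify SSH private keys by on-disk format (header line only;
# key material is never parsed or printed).

# key_format FILE -> openssh | pem-encrypted | pem-plain | unknown
key_format() {
    # First line is the armor header; strip CR for keys edited on Windows.
    header=$(head -n 1 "$1" 2>/dev/null | tr -d '\r')
    case $header in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----" | \
        "-----BEGIN DSA PRIVATE KEY-----" | \
        "-----BEGIN EC PRIVATE KEY-----")
            # Legacy PEM: a passphrase-protected key has a Proc-Type header.
            if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo pem-encrypted
            else
                echo pem-plain
            fi ;;
        *)
            echo unknown ;;
    esac
}

# scan_keys DIR -> one line per old-format key: "<format> <path>"
scan_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # skip public keys
        fmt=$(key_format "$f")
        case $fmt in
            pem-*) printf '%s %s\n' "$fmt" "$f" ;;
        esac
    done
}

# Usage: sh scan.sh ~/.ssh   (prints a hint only; it does not modify any key)
if [ "$#" -gt 0 ]; then
    scan_keys "$1" | while read -r fmt path; do
        printf '%s: %s\n  migrate with: ssh-keygen -p -o -f "%s"\n' \
            "$path" "$fmt" "$path"
    done
fi
```

Ed25519 keys always come back as `openssh`, since they only exist in the new format.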