Open DarkPhily opened 2 months ago
Hey,
Currently, someone can create a private ssh-key with ssh.MarshalPrivateKeyWithPassphrase(). This API doesn't expose the configured rounds. The rounds are currently hard-coded in:
ssh.MarshalPrivateKeyWithPassphrase()
func passphraseProtectedOpenSSHMarshaler(passphrase []byte) openSSHEncryptFunc { return func(privKeyBlock []byte) ([]byte, string, string, string, error) { salt := make([]byte, 16) if _, err := rand.Read(salt); err != nil { return nil, "", "", "", err } opts := struct { Salt []byte Rounds uint32 }{salt, 16} // Derive key to encrypt the private key block. k, err := bcrypt_pbkdf.Key(passphrase, salt, int(opts.Rounds), 32+aes.BlockSize) if err != nil { return nil, "", "", "", err } // Add padding matching the block size of AES. keyBlock := generateOpenSSHPadding(privKeyBlock, aes.BlockSize) // Encrypt the private key using the derived secret. dst := make([]byte, len(keyBlock)) key, iv := k[:32], k[32:] block, err := aes.NewCipher(key) if err != nil { return nil, "", "", "", err } stream := cipher.NewCTR(block, iv) stream.XORKeyStream(dst, keyBlock) return dst, "aes256-ctr", "bcrypt", string(Marshal(opts)), nil } }
It would be nice if this is configurable as it is in ssh-keygen -a
ssh-keygen -a
CC @golang/security
Change https://go.dev/cl/613036 mentions this issue: design/68723-crypto-ssh-v2.md: PrivateKeySigner and MarshalPrivateKey Options
design/68723-crypto-ssh-v2.md: PrivateKeySigner and MarshalPrivateKey Options
Proposal Details
Hey,
Currently, someone can create a private ssh-key with
ssh.MarshalPrivateKeyWithPassphrase()
. This API doesn't expose the configured rounds. The rounds are currently hard-coded in:It would be nice if this is configurable as it is in
ssh-keygen -a