Open novasharper opened 1 year ago
How exactly did you generate the key?
I used ssh-keygen -t ed25519
I just did that and everything worked fine
Yeah. I tried with a test key that I freshly generated and did not run into the issue. I think that the problem is that I was importing the key after exporting it from 1password. I am not sure how to debug what about the export with password process resulted in this issue.
It isn't something we would fix because the error shown is likely due to a key format error. You will probably have to convert the key into a proper format to be used in KeePassXC.
The key I exported from 1password worked when I directly used it with openssh, though.
@droidmonkey I took a look at the base64-encoded data and saw that the key I had generated was encrypted with aes256-ctr
.
When I looked at the manpage for ssh-keygen
, it indicated that I should use ssh -Q ciphers
to get the list of valid cipers to use. It looks like for aes(128|256)-gcm
, the cipher name has the @openssh.com
tacked on to the end.
$ ssh -Q ciphers
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
I also saw this when looking at the list of ciphers in the openssh source code. When I tried doing ssh-keygen -t ed25519 -Z aes256-gcm -f test
, it indicated that aes256-gcm
was an invalid cipher. I needed to specify the cipher name as aes256-gcm@openssh.com
(this was then embedded in the key data).
@hifi
Also, after I modified the cipher detection to use startsWith
when checking for aes256-gcm
, it ran into an error that the buffer size was not a multiple of the granularity (botan:src/lib/modes/aead/gcm/gcm.cpp
)
size_t GCM_Decryption::process(uint8_t buf[], size_t sz)
{
BOTAN_ARG_CHECK(sz % update_granularity() == 0, "Invalid buffer size");
m_ghash->update(buf, sz);
m_ctr->cipher(buf, buf, sz);
return sz;
}
Likely because this is some custom format that openssh invented because why do standards right?
It looks like this is an official standard. Or at least, there is a spec/doc from NIST on the GCM mode for AES.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
And Intel + Microsoft have support for it in some of their APIs.
GCM is a standard, but clearly it's "special" in openssh land
I suppose this depends on how easy it is to support this with botan.
It looks like this will require botan changes first. There would need to be some way of telling it to just use block size as the update granularity instead of multiplying by max(2, BOTAN_BLOCK_CIPHER_PAR_MULT)
where BOTAN_BLOCK_CIPHER_PAR_MULT = 4
by default.
randombit/botan#3168 just merged, so botan has the necessary fixes. However, the changes will be in 3.0, so the full fix would have to wait (at least) until it is released.
Nice!
Woops closed through PR merge
Overview
Cannot add password-protected ed25519 key
Steps to Reproduce
Add to agent
buttonExpected Behavior
Private keyfile is accepted
Actual Behavior
Error popup
Unknown cipher: aes-256gcm@openssh.com
Context
KeePassXC - Version 2.7.4 Revision: 63b2394
Operating System: Linux Desktop Env: Gnome Windowing System: Wayland