Open Enekk opened 11 years ago
A private key with a password is of course encrypted
Great, I think I was worried that the password was just a software side thing and not an actual encrypted key. Is it intended that I cannot export encrypted keys?
That is a problem of the crypto code bundled with Android that simply misses some functions :-(
Any luck on this issue? It'd be nice to be able to keep track of the key somewhere other than just the connectbot instance on this device.
I'm confused ... I can import an encrypted key without having to enter its passphrase (as far as I can remember), so CB is, I infer, storing the encrypted key in an equivalent form as OpenSSH. Why can't it export the encrypted key still encrypted in the OpenSSH format? Presumably once exported, if you needed an unencrypted copy for escrow, you could do that with ssh-keygen.
This issue still shows as open, so I'm assuming that means it hasn't been resolved? In ConnectBot, it shows a "copy private key" option under the long press menu in the key manager, but even after unlocking the key, this option remains grayed out and does nothing when pressed. Is there any update on this issue?
Ditto and bump. I'd love to be able to export the private key into another system on the device.
I was experiencing this issue, but I discovered a workaround. If you choose to 'change password' on the key and then leave the new password fields blank, it decrypts the key and then the options to copy the private key are no longer grayed out.
Thanks @jheretic that worked like a charm.
@jheretic Do you imagine this removes password protection and thus encryption of the private key altogether?
@almereyda That is exactly what it does. You will have to re-encrypt it wherever you store it next, if you want it to be secure :)
few unasked for considerations :)
If you do not fully trust your phone, stealing unencrypted keys from the disk is a million times easier than from memory. Keep this in mind when storing the unprotected version for passing it around.
second, sharing keys is not recommended. Having one new key per device/method of connection is very good when you start to suspect you've been compromised and want to evaluate your current state from logs.
last, clipboard is even more trivial to monitor/steal than memory or disk, so another reason to NOT share keys. Always generate them in-device.
bottom line: if you are not passing the pub key around, you should rethink what you are doing.
I have to export my private keys to a key escrow system, but I am unable to export my private key. One of two issues is causing this. Either:
Edit: Confirmed that I began to be unable to export the private key when adding a password. Does this actually encrypt the key or just add a password for it?
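Added example, not part of the thread and not ConnectBot code: a check that an escrow or backup step could run on an exported key file to tell whether it is still passphrase-encrypted, which is the protection the blank-password workaround discussed in the thread removes. It assumes the export is PEM-armoured in one of the common containers (OpenSSH, legacy PEM, PKCS#8); the sample keys are constructed headers, not usable keys.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # magic at the start of an OpenSSH-format key blob


def key_is_encrypted(pem_text: str) -> bool:
    """Return True if a PEM-armoured private key is passphrase-encrypted."""
    lines = [ln.strip() for ln in pem_text.strip().splitlines()]
    first = lines[0] if lines else ""
    if not (first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----")):
        raise ValueError("not a PEM private key")
    label = first[len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":   # PKCS#8, encrypted
        return True
    if label == "PRIVATE KEY":             # PKCS#8, plaintext
        return False
    if label == "OPENSSH PRIVATE KEY":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("bad OpenSSH key magic")
        # First field after the magic is the length-prefixed cipher name.
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return cipher != b"none"
    # Legacy PEM (e.g. RSA PRIVATE KEY): encryption is flagged in a header line.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:])


def _openssh_sample(cipher: bytes) -> str:
    # Constructed: magic + cipher name only, not a usable key.
    body = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----"


# Constructed sample inputs (placeholder bodies, all-zero IV).
SAMPLES = {
    "openssh_plain": _openssh_sample(b"none"),
    "openssh_enc": _openssh_sample(b"aes256-ctr"),
    "legacy_plain": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----",
    "legacy_enc": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC," + "0" * 32 + "\n\nAAAA\n-----END RSA PRIVATE KEY-----",
}

if __name__ == "__main__":
    for name, pem in SAMPLES.items():
        state = "encrypted" if key_is_encrypted(pem) else "PLAINTEXT: re-encrypt before storing"
        print(f"{name}: {state}")
```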