-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to decrypt SSH privatekey #86
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
We have been testing SSH connection with encrypted private keys and it works when using the default encryption (aes256-ctr). However if alternative cipher is used, privatekey decryption fails
Used versions
Maverick-synergy: 3.1.1
Maverick-bc: 3.1.1
Specifying an alternative privatekey encryption is possible with later versions of OpenSSH, ssh-keygen man pages state
Supported ciphers in OpenSSH_9.6p1, LibreSSL 3.3.6 are
I have encrypted my private key used in this with command
ssh-keygen -Z [email protected] -o -p -f <file>
My understanding on this is limited but issue might be related to https://stackoverflow.com/questions/35558249/aes-gcm-with-bouncycastle-throws-mac-check-in-gcm-failed-when-used-with-iv. Did some digging and found out that
maverick-synergy/maverick-base/src/main/java/com/sshtools/common/publickey/OpenSSHPrivateKeyFile.java
Line 275 in 756ca19
maverick-synergy/maverick-base/src/main/java/com/sshtools/common/publickey/OpenSSHPrivateKeyFile.java
Line 276 in 756ca19
In ssh-keygen aes256-gcm seems to use IV length of 12 and key length of 32, https://github.com/openssh/openssh-portable/blob/master/cipher.c#L99
The text was updated successfully, but these errors were encountered: