Re: What Encryption Method Is Used for ssh-keygen RSA Private Keys?
- From: Tom St Denis <tom@xxxxxxx>
- Date: Wed, 5 May 2010 11:18:15 -0700 (PDT)
On May 5, 1:28 pm, "Datesfat Chicks" <datesfat.chi...@xxxxxxxxx>
wrote:
> When I use "ssh-keygen" on a Linux box and generate an RSA keypair, what
> encryption method is used for the private key?
> It says "DES" in the key file, but this can't be right?
> I couldn't find this information easily anywhere ....
> A sample key generation and files are below. The passphrase is "testtest".
The actual ciphering is in CBC mode where key derivation is non-PKCS
#5. It actually comes from the Netscape SSL library which predates
PKCS #8 as best as I can tell.
The gist of the key derivation is
    first = 1
    /* keep going until both the key and the IV arrays are filled */
    while (keybytes_left || ivbytes_left) {
        M = empty_string
        if (!first) { M = M || previous_hash; }
        M = M || passwd
        M = M || salt
        M = hash(M)
        for (x = 1; x < count; x++) {
            M = hash(M)
        }
        Fill keybyte array with M (if keybytes_left > 0)
        Fill ivbyte array with M (if anything left of M)
        previous_hash = M
        first = 0
    }
The string you see after the cipher name is the salt [iirc]. Where
hash == MD5 I think...
Tom
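
The derivation sketched in the post above, written out in Python as an added example (not part of the original message and not OpenSSH's or OpenSSL's own code), applied to a DEK-Info header line of the kind found in a passphrase-protected PEM key file. Assumptions beyond the post: the hash is MD5, count is 1, the salt is the first 8 bytes of the hex value after the cipher name, and that same value is the CBC IV; the header value is constructed and the function names are hypothetical.

```python
import hashlib

# Key sizes in bytes for cipher names that can appear in a DEK-Info header.
KEY_LEN = {"DES-CBC": 8, "DES-EDE3-CBC": 24, "AES-128-CBC": 16}

def bytes_to_key(passwd, salt, key_len, iv_len=0, hash_name="md5", count=1):
    """Derive (key, iv) with the hash-chaining loop from the post."""
    out = b""
    previous = b""                       # empty on the first round
    while len(out) < key_len + iv_len:   # until key and IV are both filled
        m = hashlib.new(hash_name, previous + passwd + salt).digest()
        for _ in range(1, count):        # extra iterations; none when count == 1
            m = hashlib.new(hash_name, m).digest()
        out += m                         # key bytes first, then IV bytes
        previous = m
    return out[:key_len], out[key_len:key_len + iv_len]

def parse_dek_info(line):
    """Split 'DEK-Info: <cipher>,<hex>' into (cipher name, raw bytes)."""
    name, _, value = line.partition(":")
    if name.strip() != "DEK-Info":
        raise ValueError("not a DEK-Info header")
    cipher, _, hex_value = value.strip().partition(",")
    return cipher, bytes.fromhex(hex_value)

def key_for_pem(header_line, passphrase):
    """Return (cipher, key, iv) needed to decrypt the PEM body."""
    cipher, iv = parse_dek_info(header_line)
    if cipher not in KEY_LEN:
        raise ValueError("unsupported cipher: " + cipher)
    salt = iv[:8]   # assumption: salt is the first 8 bytes of the header value
    key, _ = bytes_to_key(passphrase, salt, KEY_LEN[cipher])
    return cipher, key, iv

# Constructed sample header (not from a real key file); passphrase from the post.
SAMPLE_HEADER = "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF"

if __name__ == "__main__":
    cipher, key, iv = key_for_pem(SAMPLE_HEADER, b"testtest")
    print(cipher, "key:", key.hex(), "CBC IV:", iv.hex())
```

With count equal to 1, each 16 bytes of key material cost one MD5 call, so the strength of a key file protected this way rests almost entirely on the passphrase.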