Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ED25519 Encrypted keys report #655

Open
jfarjona opened this issue Jan 15, 2025 · 2 comments
Open

ED25519 Encrypted keys report #655

jfarjona opened this issue Jan 15, 2025 · 2 comments

Comments

@jfarjona
Copy link

jfarjona commented Jan 15, 2025
edited
Loading

Version

2.14.0

Bug description

Loading a password-encrypted ssh key (generated by ssh-keygen -t ed25519) produces exception StreamCorrupted exception, saying that the private key check values are different. (Maybe a ssh-keygen error?)

KeyPairResourceLoader loader = SecurityUtils.getKeyPairResourceParser();
FilePasswordProvider pwProvider = FilePasswordProvider.of("test-password");
Collection keys = loader.loadKeyPairs(null, Path.of("c:/temp/remote.key"), pwProvider);

The key file (c:/temp/remote.key):

-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABAqpm9aqp
NwzS2lZgSFIir3AAAAGAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAIPi6WPXGOWUw1eUY
mtdHGcajUSqiFdg+EpMGsswJUUWtAAAAoEtU0dtokkGeO3IGtibIWjzcgrSHOd2/H5IIQU
cs+sAM+bnM9QkP7mJZ3BLfLx1k7HA5SinYibTJPy+h+Dk3FhMYhN3zzG+/ZUYjNFbPGoch
NKW5QSi6HL3dxgG9Yv0mF2yWYitlJDLk9/rRz5bJBrNnYV1OJ2+qxV6EQ4M9glg1KW0UdV
IcKgt4n7b91lo3l/u/xiz/kfQ4KBLRy9l7XrU=
-----END OPENSSH PRIVATE KEY-----

Pom:
<...>

org.apache.sshd
sshd-core
2.14.0


org.apache.sshd
sshd-scp
2.14.0


org.apache.sshd
sshd-scp
2.14.0


net.i2p.crypto
eddsa
0.3.0

<...>

Actual behavior

Throws Exception, saying the key check values don't match.

Expected behavior

Should load the key as ssh does...

Relevant log output

Caused by: java.io.StreamCorruptedException: Mismatched private key check values (e912604c/5b6c9255) in c:\temp\remote.key
	at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser.readPrivateKeys(OpenSSHKeyPairResourceParser.java:257) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser.lambda$extractKeyPairs$0(OpenSSHKeyPairResourceParser.java:182) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.FilePasswordProvider.decode(FilePasswordProvider.java:126) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.openssh.OpenSSHKeyPairResourceParser.extractKeyPairs(OpenSSHKeyPairResourceParser.java:179) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:198) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.extractKeyPairs(AbstractKeyPairResourceParser.java:167) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.AbstractKeyPairResourceParser.loadKeyPairs(AbstractKeyPairResourceParser.java:117) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceParser$2.loadKeyPairs(KeyPairResourceParser.java:166) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:157) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:148) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:139) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:115) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:90) ~[sshd-common-2.14.0.jar:2.14.0]
	at org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader.loadKeyPairs(KeyPairResourceLoader.java:84) ~[sshd-common-2.14.0.jar:2.14.0]

Other information

If the key is NOT encrypted, the software works ok.
@tomaswolf
Copy link
Member

tomaswolf commented Jan 15, 2025
edited
Loading

Cannot reproduce. The key as you gave it above loads fine for me with the given password. And its check value is 0x515ec6b8. (So none of the values listed in the stack trace you've given.)

@tomaswolf
Copy link
Member

Typically this "Mismatched private key check values" exception occurs if the wrong password is used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tomaswolf @jfarjona