Support AES-encrypted DER-encoded private keys #577

Closed
P-E-Meunier opened this issue Oct 10, 2017 · 3 comments

@P-E-Meunier
Contributor

The thrussh-keys crate tries to parse as many different key formats as possible.

The encoding of older key formats (inherited from SSLeay) is AES-encrypted, and the plaintext is sometimes padded with zeros.

This causes the read_all method in your der::nested function to fail. I am doing the following, which seems to work in many cases: parse the ASN.1 encoding of the key manually to find out its length, truncate the buffer, and parse.

@briansmith
Owner

Please post an example key. Note that by definition of DER, there can't be any extra zero padding bytes, because every value is uniquely encoded using the shortest possible encoding.

@P-E-Meunier
Contributor Author

So, thanks for mentioning that.
Turns out it's just my misunderstanding of how rust-crypto works with padding. I'm posting the key anyway, in case you want to handle such keys in *ring*.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,CF6186291E818C7D6AFE285DB6C482CA

-----END RSA PRIVATE KEY-----

Also, I'm renaming the issue. Feel free to close if inappropriate, and sorry for the noise.

@P-E-Meunier P-E-Meunier changed the title from_der fails when the DER is padded with zeros Support AES-encrypted DER-encoded private keys Oct 10, 2017
@P-E-Meunier
Contributor Author

Alright, thrussh-keys now does this fine using #582.
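
The workaround from the first comment (read the outer ASN.1 length, truncate, then parse), combined with the later clarification that the extra bytes came from cipher padding, as an added Rust example that is not code from thrussh-keys or *ring*. Function names and sample bytes are constructed, and PKCS#7 is assumed as the padding scheme left behind by the CBC decryption.

```rust
// Added example; function names and sample bytes are constructed for illustration.

/// Total size (header + content) of the first DER TLV in `buf`.
/// Rejects BER-only forms: indefinite length and non-minimal length octets.
fn der_tlv_len(buf: &[u8]) -> Result<usize, &'static str> {
    if buf.len() < 2 {
        return Err("truncated header");
    }
    if buf[0] & 0x1f == 0x1f {
        return Err("high-tag-number form not handled");
    }
    let first = buf[1];
    let (hdr, content) = if first < 0x80 {
        (2usize, first as usize) // short form: one length octet
    } else {
        let n = (first & 0x7f) as usize; // long form: n length octets follow
        if n == 0 {
            return Err("indefinite length is not DER");
        }
        if n > 4 || buf.len() < 2 + n {
            return Err("length field too long or truncated");
        }
        let len = buf[2..2 + n].iter().fold(0usize, |a, &b| (a << 8) | b as usize);
        if buf[2] == 0 || len < 0x80 {
            return Err("non-minimal length is not DER");
        }
        (2 + n, len)
    };
    let total = hdr.checked_add(content).ok_or("length overflow")?;
    if total > buf.len() { Err("content truncated") } else { Ok(total) }
}

/// Splits CBC-decrypted plaintext into the DER value and its tail, accepting
/// the tail only if it is well-formed PKCS#7 padding (assumed scheme).
fn split_der_and_padding(plain: &[u8], block: usize) -> Result<(&[u8], &[u8]), &'static str> {
    let (der, tail) = plain.split_at(der_tlv_len(plain)?);
    let pad_ok = !tail.is_empty() && tail.len() <= block && plain.len() % block == 0
        && tail.iter().all(|&b| b as usize == tail.len());
    if pad_ok { Ok((der, tail)) } else { Err("trailing bytes are not PKCS#7 padding") }
}

fn main() {
    // Constructed sample: SEQUENCE { INTEGER 0 } followed by 11 bytes of 0x0b.
    let mut plain = vec![0x30, 0x03, 0x02, 0x01, 0x00];
    plain.extend_from_slice(&[0x0b; 11]);
    let (der, pad) = split_der_and_padding(&plain, 16).unwrap();
    println!("DER value: {} bytes, padding: {} bytes", der.len(), pad.len());
}
```

Validating the tail instead of blindly truncating means a wrong passphrase or corrupted ciphertext is more likely to surface as an error than as a silently shortened key.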
