[ 
https://issues.apache.org/jira/browse/SSHD-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16704013#comment-16704013
 ] 

Thomas Wolf commented on SSHD-708:
----------------------------------

Supporting encrypted OpenSSH key files is getting somewhat more urgent. OpenSSH 
has switched in recent versions its default settings and now by default creates 
key files that use its "new" format, and it always uses that format for ed25519 
keys.

There is a Java library that implements the necessary Bcrypt KDF; available as 
maven artifact org.connectbot.jbcrypt:jbcrypt:1.0.0. That appears to be a copy 
of org.mindrot.jbcrypt, but with the pbkdf functionality added. License is ISC.

With that library, decrypting encrypted OpenSSH key files is possible. See 
[Eclipse bug 541703|https://bugs.eclipse.org/bugs/show_bug.cgi?id=541703] for 
some initial thoughts. For use in Eclipse I'll have to get legal clearance for 
that org.connectbot.jbcrypt artifact from the Eclipse legal team. What 
constraints exist on the Apache side? Would it be OK if I provided a PR that 
just consumes this maven artifact via a dependency? Would it also be OK if we 
just copied the source of this BCrypt implementation into the sshd source tree 
(the artifact contains only a single implementation class)? (In both cases I'll 
have to check with the Eclipse legal team if doing either would be OK with 
_them_...) And which would you prefer?

> Add support for password encrypted ed25519 private key files
> ------------------------------------------------------------
>
>                 Key: SSHD-708
>                 URL: https://issues.apache.org/jira/browse/SSHD-708
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.4.0
>            Reporter: Goldstein Lyor
>            Priority: Minor
>
> The current code supports only reading un-encrypted private key files



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to