Re: [netconf] SSH private key format?
Kent Watsen <kent+ietf@watsen.net> Thu, 13 February 2020 16:44 UTC
Return-Path: <010001703f6ffed7-04873ab1-5ff6-4032-8fcc-12978816a9eb-000000@amazonses.watsen.net>
X-Original-To: netconf@ietfa.amsl.com
Delivered-To: netconf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 816BA120168 for <netconf@ietfa.amsl.com>; Thu, 13 Feb 2020 08:44:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazonses.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Zs9TNCikHKR for <netconf@ietfa.amsl.com>; Thu, 13 Feb 2020 08:44:30 -0800 (PST)
Received: from a48-95.smtp-out.amazonses.com (a48-95.smtp-out.amazonses.com [54.240.48.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9952712016E for <netconf@ietf.org>; Thu, 13 Feb 2020 08:44:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1581612269; h=From:Content-Type:Mime-Version:Subject:Date:References:To:In-Reply-To:Message-Id:Feedback-ID; bh=eh9u/S88ILkK/s1L2j4/VW3RzBIcg0Yfyw5GSxPfQfI=; b=Nv0wXDvZG43uoN3bZUd8q95UEpDBgdITKizcwWAz7/Y3k+Hf2wtkXMMjOv1cB7J8 2pOTA8d2wDAf0qAXJATUNdZ3VzsTeC0jrfa7j6fnVkHE27G0bV2dVaMU+SaI3HGxsWs UcIe1ZzTZU2uYYYZXrkRCnRC7bbwvkflPSgyuX/0=
From: Kent Watsen <kent+ietf@watsen.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_66A20427-249C-446B-82E7-50286F5668CA"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
Date: Thu, 13 Feb 2020 16:44:29 +0000
References: <01000170394b7ff7-efa3321d-b84c-4945-92d1-c567cf02c7f6-000000@email.amazonses.com>
To: "netconf@ietf.org" <netconf@ietf.org>
In-Reply-To: <01000170394b7ff7-efa3321d-b84c-4945-92d1-c567cf02c7f6-000000@email.amazonses.com>
Message-ID: <010001703f6ffed7-04873ab1-5ff6-4032-8fcc-12978816a9eb-000000@email.amazonses.com>
X-Mailer: Apple Mail (2.3445.104.11)
X-SES-Outgoing: 2020.02.13-54.240.48.95
Feedback-ID: 1.us-east-1.DKmIRZFhhsBhtmFMNikgwZUWVrODEw9qVcPhqJEI2DA=:AmazonSES
Archived-At: <https://mailarchive.ietf.org/arch/msg/netconf/ONjGiYWZGun9690w-rQXxV92PM4>
Subject: Re: [netconf] SSH private key format?
X-BeenThere: netconf@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: NETCONF WG list <netconf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/netconf>, <mailto:netconf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/netconf/>
List-Post: <mailto:netconf@ietf.org>
List-Help: <mailto:netconf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/netconf>, <mailto:netconf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 13 Feb 2020 16:44:33 -0000
After a little digging…
1) `ssh-keygen` default private key format is a proprietary format:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD <https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.key?annotate=HEAD>
2) `ssh-keygen` can told to save a generated private key to the standard
PKCS/CMS format using the “-m PEM” parameter
3) `ssh-keygen` can also convert its proprietary private key format to the
PKCS/CMS format (e.g., ssh-keygen -p -N "" -m PEM -f <filename>)
4) OpenSSH can read (but not write) PKCS#8/OneAsymmetricKey
formats. See the 9th paragraph of the accepted answer here:
https://superuser.com/questions/1477472/openssh-public-key-file-format <https://superuser.com/questions/1477472/openssh-public-key-file-format>
5) strangely, for “ecdsa” keys only, creating the “PEM” format via (3) or (4)
produces different EC keys (different number of fields), though both are
still parsable via `openssl ec …`
More info here: https://www.thedigitalcatonline.com/blog/2018/04/25/rsa-keys <https://www.thedigitalcatonline.com/blog/2018/04/25/rsa-keys>
Conclusion:
- It seems that both SSH and TLS private keys use the same PKCS/CMS and
OneAsymmetricKey formats.
Kent // contributor
> On Feb 12, 2020, at 7:06 AM, Kent Watsen <kent+ietf@watsen.net> wrote:
>
> Related to the crypto-types, keystore, and truststore drafts...
>
> Everyone seems to agree that the *public* key format can be specified as:
>
> leaf public-key {
> type binary;
> description
> "The binary public key data for an SSH key, as
> specified by RFC 4253, Section 6.6, i.e.:
>
> string certificate or public key format identifier
> byte[n] key/certificate data.";
> reference
> "RFC 4253: The Secure Shell (SSH) Transport
> Layer Protocol”;
> }
>
> BTW, being “binary”, this produces a block a base64,
> a la https://tools.ietf.org/html/rfc4716#section-3.6 <https://tools.ietf.org/html/rfc4716#section-3.6>, but
> without the headers and footers, or EOL characters.
>
> Also note that “key data” is underspecified. “certificate
> data” is better, as PGP/X.509 certs are well-specified,
> though we have to *assume* the encoding is “DER".
>
>
> But what is the *private* key format? (i.e., ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa).
>
> SSH-KEYGEN(1) says this:
>
> -m key_format
> Specify a key format for the -i (import) or -e (export) conversion options. The supported key formats are:
> ``RFC4716'' (RFC 4716/SSH2 public or private key), ``PKCS8'' (PEM PKCS8 public key) or ``PEM’'
> (PEM public key). The default conversion format is ``RFC4716''.
>
> FWIW, RFC 4716 does NOT define a private key format. PKCS8 does define a private key format. PKCS8 was obsoleted by RFC 5958, which defines the “OneAsymmetricKey" format, which is one of the formats used for TLS private keys.
>
> That said, without actually trying to parse these private keys files,I suspect that they are actually raw private keys (e.g., RSAPrivateKey, ECPrivateKey, etc.) and not PKCS8/OneAsymmetricKey because, if they were a OneAsymmetricKey, there would be no need for different filenames...
>
> Can anyone dig into this and confirm what these file formats are?
>
>
> Kent // contributor
>
> _______________________________________________
> netconf mailing list
> netconf@ietf.org
> https://www.ietf.org/mailman/listinfo/netconf
- [netconf] SSH private key format? Kent Watsen
- Re: [netconf] SSH private key format? Kent Watsen