
Re: [Monotone-devel] keyring integration from a user POV

From: Justin Patrin
Subject: Re: [Monotone-devel] keyring integration from a user POV
Date: Fri, 13 Apr 2007 17:47:29 -0700

On 4/13/07, Jack Lloyd <address@hidden> wrote:
> On Fri, Apr 13, 2007 at 02:33:36PM -0700, Nathaniel Smith wrote:
>
> > I believe it's actually exactly the same format that ssh uses by
> > default... but maybe different headers or something?  (It has some
> > official name too, some complicated acronym...)
>
> This is probably more information than you wanted:
>
> There's a standard (of sorts) named PKCS #1 that specifies the format of an
> RSA key (i.e. what numbers are included in the file, what order,
> etc). If it's an "RSA PRIVATE KEY", it's just the bare PKCS #1 struct
> base64'ed. If it's an "ENCRYPTED PRIVATE KEY", it's PKCS #1 with some
> crypto wrapper goop from PKCS #8 (though actually any sort of key, e.g.
> DSA or DH could be in there, however I guess Monotone can ignore that
> possibility since it only generates RSA keys). If it's "RSA PRIVATE
> KEY" with something like "Proc-Type: 4,ENCRYPTED", it's PKCS #1
> wrapped in some sort of undocumented (AFAIK) OpenSSL-specific format.
>
> The OpenSSL decoder functions handle all three transparently, IIRC,
> which is why ssh-agent accepts all of them without problems. If you
> guys have some burning need to get the OpenSSL format I can probably
> whip up something to encode/decode RSA keys sometime in the next
> couple of weeks. might already
> have an implementation of it, but I haven't checked.

Currently I don't think we need anything more as our exported keys
work fine in ssh-agent. SSHKeychain doesn't do any real encoding, just
checks that first line, so it was easy to patch. I don't know for sure
about any other key store UIs, though...

Justin Patrin
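
An added example, not part of the original thread or of Monotone, SSHKeychain or OpenSSL: a small classifier for the three containers described in the quoted message, showing that the plain and the OpenSSL-encrypted forms share the same first line and differ only in the `Proc-Type` header. The function names, result labels and sample blocks are assumptions made for the illustration; the sample bodies are constructed placeholder bytes, not key material.

```python
import base64
import re

# Matches one PEM block; the END label must repeat the BEGIN label.
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def classify_pem_key(text):
    """Return (container, headers) for the first PEM block in text."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no PEM block found")
    label, headers, b64 = m.group(1), {}, []
    for line in (l.strip() for l in m.group(2).splitlines()):
        if not line:
            continue
        if ":" in line and not b64:      # "Name: value" header lines before the body
            name, _, value = line.partition(":")
            headers[name.strip()] = value.strip()
        else:
            b64.append(line)
    body = base64.b64decode("".join(b64), validate=True)
    legacy = headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"
    if label == "RSA PRIVATE KEY" and legacy:
        return "openssl-encrypted-pkcs1", headers   # body is ciphertext, not DER
    if not body.startswith(b"\x30"):                # DER SEQUENCE tag
        raise ValueError("body is not a DER SEQUENCE")
    kinds = {"RSA PRIVATE KEY": "pkcs1-plain",
             "ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}
    return kinds.get(label, "unknown: " + label), headers

def armor(label, body, headers=""):
    """Build a PEM block around constructed (non-key) bytes for the demo."""
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed samples: placeholder bytes, not real key material.
STUB_DER = b"\x30\x03\x02\x01\x00"   # SEQUENCE { INTEGER 0 }
PLAIN = armor("RSA PRIVATE KEY", STUB_DER)
PKCS8 = armor("ENCRYPTED PRIVATE KEY", STUB_DER)
LEGACY = armor("RSA PRIVATE KEY", bytes(range(16)),
               "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n")

if __name__ == "__main__":
    for name, pem in (("plain", PLAIN), ("pkcs8", PKCS8), ("legacy", LEGACY)):
        print(name, pem.splitlines()[0], "->", classify_pem_key(pem)[0])
```

A tool that looks only at the first line cannot tell whether an "RSA PRIVATE KEY" block still needs a passphrase.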
