openssh bugs - May 2019 - [Bug 3013] New: Use the PKCS#8 formatted PEM files instead of insecure "traditional PEM"

https://bugzilla.mindrot.org/show_bug.cgi?id=3013

            Bug ID: 3013
           Summary: Use the PKCS#8 formatted PEM files instead of insecure
                    "traditional PEM"
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 3286
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3286&action=edit
generate PEM files in new PKCS#8 format

OpenSSL 1.0 introduced the following change according to the changelog
[1]:
>  *) Make PKCS#8 the default write format for private keys, replacing the
>    traditional format. This form is standardised, more secure and
doesn't
>    include an implicit MD5 dependency.
>    [Steve Henson]
This is getting rid of of the old "traditional PEM" format and use the
standardized PKCS#8 one. Unfortunately, the users of the old API are
left with the old format, because the new format requires the use of a
new API.

I think OpenSSH should make use of this new format and use more secure
keys without leaving the users that need some interoperability (can not
use the new OpenSSH format) with the old (potentially) insecure format.

The attached patch modifies the PEM export function to use the new API
and generate PKCS#8 PEM files. They are readable by existing OpenSSL
API so this is the only change needed.

[1]
https://git.openssl.org/gitweb/?p=openssl.git;a=blob_plain;f=CHANGES;hb=refs/heads/OpenSSL_1_0_0-stable

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3013

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3295
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3295&action=edit
support pkcs#8 and PEM

I don't think we want to remove the ability to support olde PEM keys
entirely as there's a bit of non-OpenSSL stuff that expects them. This
adds support for PKCS#8 in parallel.

"ssh-keygen -m PKCS8 -t rsa" seems to do the right thing with this
now.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3013

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2988


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2988
[Bug 2988] Tracking bug for 8.1 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3013

--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
Damien, thank you for the proposed patch. Fast read-through looks good
to me and it is indeed a good idea to provide backward compatibility.
This is also resolving the long-standing issue when the PKCS8 was used
only for public keys, which I found very confusing whenever I tried to
convert some keys from one format to other.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3013

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Applied - thanks!

commit eb0d8e708a1f958aecd2d6e2ff2450af488d4c2a
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Jul 15 13:16:29 2019 +0000

    upstream: support PKCS8 as an optional format for storage of

    private keys, enabled via "ssh-keygen -m PKCS8" on operations that
save
    private keys to disk.

    The OpenSSH native key format remains the default, but PKCS8 is a
    superior format to PEM if interoperability with non-OpenSSH
software
    is required, as it may use a less terrible KDF (IIRC PEM uses a
single
    round of MD5 as a KDF).

    adapted from patch by Jakub Jelen via bz3013; ok markus

    OpenBSD-Commit-ID: 027824e3bc0b1c243dc5188504526d73a55accb1

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3013

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.