bugzilla-daemon at mindrot.org
2020-Jul-18 17:54 UTC
[Bug 3195] New: ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Bug ID: 3195
Summary: ssh-keygen unable to convert ED25519 public keys
Product: Portable OpenSSH
Version: 8.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: marcoshalano at gmail.com
I generate a ED25519 key using OpenSSL:
openssl genpkey -algorithm ED25519 -out key_ed25519.pem
After that I extracted the public key:
openssl pkey -in key_ed25519.pem -pubout -out public_ed25519.pem
And then I try to get the SSH public key to put on authorized_keys:
ssh-keygen -i -m PKCS8 -f public_ed25519.pem
The error was:
do_convert_from_pkcs8: unsupported pubkey type 1087
So I think ssh-keygen can't convert a ED25519 public key. The expected
result was something like:
ssh-ed25519 AAAA...
I found a tool called sshpk (https://www.npmjs.com/package/sshpk) which
converts correctly:
sshpk-conv public_ed25519.pem -t ssh
The output is what I should expect.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-24 05:51 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3433
--> https://bugzilla.mindrot.org/attachment.cgi?id=3433&action=edit
support reading PKCS8 Ed25519 keys
OpenSSH doesn't currently support reading or writing Ed25519 keys in
any format other than the OpenSSH native key format.
Not all libcrypto implementations support Ed25519 keys, in particular
LibreSSL does not.
This patch adds support for reading PKCS8 Ed25519 keys on recent
OpenSSL, but it can't be upstreamed until LibreSSL supports these keys
too.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-30 04:04 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ricky.tigg at gmail.com
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
*** Bug 3298 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-30 10:23 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195 --- Comment #3 from ricky.tigg at gmail.com --- Patch providing basic support of Ed25519 keys via PKCS#11 tokens: https://github.com/openssh/openssh-portable/pull/230 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Jun-01 05:02 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
guanlong <gl at glong.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |gl at glong.net
--- Comment #4 from guanlong <gl at glong.net> ---
Created attachment 3525
--> https://bugzilla.mindrot.org/attachment.cgi?id=3525&action=edit
hello moto
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Jun-01 05:04 UTC
[Bug 3195] ssh-keygen guanlong ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
guanlong <gl at glong.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|ssh-keygen unable to |ssh-keygen guanlong ED25519
|convert ED25519 public keys |public keys
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Jun-01 05:17 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|ssh-keygen guanlong ED25519 |ssh-keygen unable to
|public keys |convert ED25519 public keys
CC| |dtucker at dtucker.net
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-17 16:24 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Evan Carroll <me at evancarroll.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |me at evancarroll.com
--- Comment #5 from Evan Carroll <me at evancarroll.com> ---
(In reply to Damien Miller from comment #1)> it can't be upstreamed until LibreSSL supports these
> keys too.
Should this be re-evaluated now that LibreSSL supports ed25519 with
3.7.0 released Dec 12, 2022?
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.0-relnotes.txt
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-11 07:26 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-11 07:42 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dbelyavs at redhat.com
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
*** Bug 3315 has been marked as a duplicate of this bug. ***
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Oct-11 23:08 UTC
[Bug 3195] ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3628
Status|ASSIGNED |RESOLVED
Resolution|--- |FIXED
--- Comment #7 from Damien Miller <djm at mindrot.org> ---
This has been applied and will be in openssh-9.6; due around the end of
the year
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3628
[Bug 3628] tracking bug for openssh-9.6
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Reasonably Related Threads
- [PATCH] use ecdh/X25519 from openssl when possible (openssl-1.1.0+)
- [PATCH 1/3] Add private key protection information extraction to ssh-keygen
- Call for testing: OpenSSH 6.9
- Sign/verify data with ed25519 keys of a tinc 1.1 host
- New key type (ed25519) and private key format