search for: passout

...my proposal is, to alter this by using PKCS 8 as defined in RFC 5208 as is described in the above article. This currently works already by converting your key manually: openssl pkcs8 -topk8 -v2 des3 \ -in test_rsa_key.old -passin 'pass:super secret passphrase' \ -out test_rsa_key -passout 'pass:super secret passphrase' I didn't find any contradicting documentation or stuff inside the SSH RFCs why this is not the default yet. I know this is just a little hardening and just covers cases where your encrypted private key gets stolen and is harder to bruteforce due to the u...