Bug 2567

Summary: Wrong terminology used for ssh-keygen "-m" option
Product: Portable OpenSSH Reporter: Ilya <kazakevichilya>
Component: DocumentationAssignee: Assigned to nobody <unassigned-bugs>
Status: NEW ---    
Severity: normal    
Priority: P5    
Version: 6.6p1   
Hardware: Other   
OS: All   

Description Ilya 2016-05-06 05:59:41 AEST 
According to "man ssh-config", "-m" support following formats: "âPKCS8â (PEM PKCS8 public key)" and "âPEMâ (PEM public key)".

This is not true. First of all they are both PEM (Base64 encoded DER). And PKCS8 is for *private* keys only. What you call "PKCS8" is "SubjectPublicKeyInfo" and it is encoded in PEM.

What you call "PEM" is RSA public key encoded in PEM.

People are confused:
http://crypto.stackexchange.com/questions/27913/why-can-ssh-keygen-export-a-public-key-in-pem-pkcs8-format

http://crypto.stackexchange.com/questions/35093/why-ssh-gen-makes-difference-between-pem-and-pkcs8


"PKCS8" is better be called "SubjectPublicKeyInfo" or "AnyPublicKey" and "PEM" should be "RSAPublicKey" or "RSAEncryption".