Bug 2947 - ssh-keygen generated keys are not read in by openssl
Summary: ssh-keygen generated keys are not read in by openssl
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keygen
Version: 7.9p1
Hardware: Other Windows 7
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2018-12-19 22:06 AEDT by Thomas Schweikle
Modified: 2021-04-23 15:00 AEST
Description Thomas Schweikle 2018-12-19 22:06:34 AEDT
# ssh-keygen -t rsa -b 2048 -N "" -C "TestKey" -f id_gvm_rsa
Generating public/private rsa key pair.
id_gvm_rsa already exists.
Overwrite (y/n)? y
Your identification has been saved in id_gvm_rsa.
Your public key has been saved in id_gvm_rsa.pub.
The key fingerprint is:
SHA256:9NrSbEbjs8/5zXqSX7vVDwv7Ws7U0FBV+YGKOwXVmM0 TestKey
The key's randomart image is:
+---[RSA 2048]----+
|          ..* . B|
|         . o E + |
|        . o . . o|
|       . o o   o.|
|        S *   . .|
|         X .   o.|
|        o X . +.=|
|         + + Oo=*|
|          ..*+BB*|
+----[SHA256]-----+
# openssl req -x509 -days 2000 -new -key id_gvm_rsa -out id_gvm_rsa-cert.pem
unable to load Private Key
140028946031680:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Handbook and examples state this shall work. It does not.
This breaks various tools and websites importing private or public ssh-keys. They just fail.
Comment 1 Jakub Jelen 2018-12-19 23:00:03 AEDT
The release notes [0] specify this pretty explicitly:

 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format.

If you wish to generate the PEM files, use -m PEM, which is unfortunately not documented yet either [1].

[0] http://www.openssh.com/txt/release-7.8
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2904
Comment 2 Thomas Schweikle 2018-12-20 02:45:42 AEDT
It should not matter in which format I wrote the keys out, since the private key is in all cases written in more or less PEM format.

Importing some ssh-keygen generated private key this way should work out of the box. But it does not. Interestingly, if I generate the key pair using openssl I can import this key and use it together with ssh! Even ssh-keygen accepts this key and exports an ssh-format public key from it.

So what does ssh-keygen do other than openssl while writing a key out? The private key written by ssh-keygen is only usable by ssh-keygen, while the private key written by openssl is usable by both: ssh-keygen and openssl!

# openssl genpkey -algorithm RSA -out id_rsa.key -pkeyopt rsa_keygen_bits:2048 && chmod 0600 id_rsa.key
# openssl rsa -pubout -in id_rsa.key -out id_rsa.pem && chmod 0600 id_rsa.pem
# cp id_rsa.key id_rsa
# ssh-keygen -y -f id_rsa > id_rsa.pub

but

# ssh-keygen -t rsa -b 2048 -N "" -C "" -f id_rsa
# openssl rsa -pubout -in id_rsa -out id_rsa.pem

creates a key openssl chokes on:
unable to load Private Key
140028946031680:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Visually there is no difference with these files (except for the key).
Comment 3 Damien Miller 2019-01-22 22:09:11 AEDT
OpenSSH stopped using PEM keys a few releases ago because the security of the PEM password encryption is very bad and showed no signs of improving.

If you don't care about key theft and offline cracking of your key's passphrases then you can still use the PEM key format in OpenSSH:

ssh-keygen -m PEM -f /path -t type   # generate
ssh-keygen -m PEM -p -f /path        # convert new format to PEM
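A format check for the symptom discussed in this bug, added here as an example that is not part of the bug report or of OpenSSH: it tells the openssh-key-v1 container (the "BEGIN OPENSSH PRIVATE KEY" file that openssl rejects with the "no start line" error above) apart from the PEM and PKCS#8 containers openssl does load, and reads the container's cipher field to report whether an OpenSSH-format key carries a passphrase. The sample keys are constructed in-line and contain no real key material.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # fixed prefix of the openssh-key-v1 container

def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length + bytes) starting at off."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify_private_key(text):
    """Return (container, encrypted) for the text of a private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    header = lines[0]
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("OPENSSH header without openssh-key-v1 magic")
        # right after the magic comes the string ciphername; "none" means no passphrase
        cipher, _ = _read_string(blob, len(OPENSSH_MAGIC))
        return "openssh-key-v1", cipher != b"none"
    if header.startswith("-----BEGIN ") and header.endswith(" PRIVATE KEY-----"):
        algo = header[len("-----BEGIN "):-len(" PRIVATE KEY-----")]
        if algo in ("", "ENCRYPTED"):  # PKCS#8 container, which openssl also reads
            return "pkcs8", algo == "ENCRYPTED"
        # traditional RSA/EC/DSA PEM: a passphrase is signalled by Proc-Type/DEK-Info headers
        return "pem-traditional", any(ln.startswith("Proc-Type: 4,ENCRYPTED") for ln in lines)
    raise ValueError(f"unrecognised header: {header!r}")

def openssl_pem_loadable(container):
    """openssl's PEM loader knows the PEM and PKCS#8 containers, not openssh-key-v1."""
    return container in ("pem-traditional", "pkcs8")

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

def constructed_openssh_key(cipher=b"none", kdf=b"none"):
    """Constructed sample: only the leading container fields, no real key material."""
    blob = OPENSSH_MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(b"") + struct.pack(">I", 1)
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed sample of the traditional container that ssh-keygen -m PEM writes (placeholder body).
CONSTRUCTED_PEM_KEY = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
```

A key that classifies as openssh-key-v1 is the case from the report; the conversion command in the comment above turns it into the traditional container.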
Comment 4 Damien Miller 2021-04-23 15:00:24 AEST
closing resolved bugs as of 8.6p1 release