Update OpenSSH Key V1 parsing using CRT information for RSA Private Keys #726
Key parsing in OpenSSHKeyV1KeyFile currently parses RSA Private Keys and returns an RSAPrivateKeySpec containing the modulus and private exponent. As a result of this approach, the BouncyCastle implementation of RSAPrivateKey.getEncoded() returns 0 for all other fields when serializing the key to an ASN.1 encoded PrivateKeyInfo byte array. This creates problems writing RSA Private Keys to PKCS8 PEM files as described in issue #705.

This pull request updates RSA Private Key parsing in OpenSSHKeyV1KeyFile to read and use the available elements of the RSA Private Key. Following RFC 8017 Section 3.2, the updated approach calculates the Prime Exponent P and Prime Exponent Q values, then returns an RSAPrivateCrtKeySpec for conversion into a standard java.security.PrivateKey. The implementation returns a complete representation of the ASN.1 encoded PrivateKeyInfo when calling PrivateKey.getEncoded(). This pull request includes a new unit test that compares the public exponent values against the parsed RSA Public Key, and also compares the expected computed exponents.
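The RFC 8017 Section 3.2 calculation described above, as an added example that is not the pull request's code: it derives the two prime exponents from d, p and q and builds an RSAPrivateCrtKeySpec with the JDK's default RSA provider. The class name `CrtSpecExample` and the helper `toCrtSpec` are hypothetical, and the input is assumed to be the field set an OpenSSH v1 RSA key carries (n, e, d, CRT coefficient, p, q).

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Arrays;

public class CrtSpecExample {

    // Hypothetical helper. RFC 8017 Section 3.2 defines
    //   dP = d mod (p - 1)   and   dQ = d mod (q - 1).
    // The key file is assumed to supply qInv, so only dP and dQ are computed.
    static RSAPrivateCrtKeySpec toCrtSpec(BigInteger n, BigInteger e, BigInteger d,
                                          BigInteger qInv, BigInteger p, BigInteger q) {
        BigInteger dP = d.mod(p.subtract(BigInteger.ONE));
        BigInteger dQ = d.mod(q.subtract(BigInteger.ONE));
        return new RSAPrivateCrtKeySpec(n, e, d, p, q, dP, dQ, qInv);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway key generated at run time stands
        // in for the integers read from an OpenSSH v1 private key file.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        RSAPrivateCrtKey original = (RSAPrivateCrtKey) generator.generateKeyPair().getPrivate();

        // Pass only the fields the file is assumed to hold; dP and dQ are recomputed.
        RSAPrivateCrtKeySpec spec = toCrtSpec(
                original.getModulus(), original.getPublicExponent(),
                original.getPrivateExponent(), original.getCrtCoefficient(),
                original.getPrimeP(), original.getPrimeQ());

        PrivateKey rebuilt = KeyFactory.getInstance("RSA").generatePrivate(spec);
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) rebuilt;

        // The recomputed exponents should equal the ones the generator produced,
        // and the PKCS#8 PrivateKeyInfo should carry every field of the key.
        System.out.println("dP matches: "
                + crt.getPrimeExponentP().equals(original.getPrimeExponentP()));
        System.out.println("dQ matches: "
                + crt.getPrimeExponentQ().equals(original.getPrimeExponentQ()));
        System.out.println("PKCS#8 encoding matches: "
                + Arrays.equals(rebuilt.getEncoded(), original.getEncoded()));
    }
}
```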