x/crypto/ssh: please provide unified parameter types for ed25519.PrivateKey #51974
Comments
cc @golang/security
It's even a little worse than this: ParseRawPrivateKey returns a value for PKCS8 encodings (because it calls x509.ParsePKCS8PrivateKey) and a pointer for the OpenSSH encoding. The correct type is definitely the value type, which is what everything else expects, but it might be too late to change ParseRawPrivateKey, since most if not all Ed25519 keys are encoded in the OpenSSH encoding, so applications are probably expecting pointers there.
It goes all the way back to 2016, so applications have surely come to rely on it: https://go-review.googlesource.com/22512 See also golang/crypto#119.
OpenSSH never generated them (unencrypted, and golang.org/x/crypto/ssh doesn't support encrypted PKCS#8 for now, so the encrypted_keys.go change is technically superfluous) but there are other systems that produce them (for example, 1Password). Unfortunately, ParseRawPrivateKey returns a value type for PKCS#8 and a pointer type for the OpenSSH format (golang/go#51974), so we need to handle both. Fixes #429
Hi,

When I wanted to use Go to do some format cleaning for a PEM file, I found that `ssh.ParseRawPrivateKey` and `x509.MarshalPKCS8PrivateKey` have different data types for `ed25519.PrivateKey`. `ssh.ParseRawPrivateKey` actually outputs a pointer; `x509.MarshalPKCS8PrivateKey` only receives a value. But for other algorithms both are pointers. So I had to do a type assertion for `ed25519.PrivateKey`.

Example code:

I think it's not necessary. Perhaps we can make `x509.MarshalPKCS8PrivateKey` receive an `ed25519.PrivateKey` pointer and value at the same time, or make `ssh.ParseRawPrivateKey` output a value, because the underlying type of `ed25519.PrivateKey` is `[]byte`.
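One way to handle both shapes discussed in this thread, as an added example that is not the reporter's code or part of x/crypto: `marshalAnyPKCS8` and `demo` are hypothetical names, the key is generated on the spot, and `&priv` stands in for the pointer the issue says `ssh.ParseRawPrivateKey` returns, so only the standard library is needed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/x509"
	"fmt"
)

// marshalAnyPKCS8 is a hypothetical helper: it accepts both Ed25519 shapes
// described in the issue (value and pointer); other key types pass through.
func marshalAnyPKCS8(key any) ([]byte, error) {
	if p, ok := key.(*ed25519.PrivateKey); ok {
		if p == nil {
			return nil, fmt.Errorf("nil *ed25519.PrivateKey")
		}
		key = *p // dereference to the value type x509 expects
	}
	// x509 calls Seed(), which slices the key; reject bad lengths first.
	if k, ok := key.(ed25519.PrivateKey); ok && len(k) != ed25519.PrivateKeySize {
		return nil, fmt.Errorf("ed25519 key length %d, want %d", len(k), ed25519.PrivateKeySize)
	}
	return x509.MarshalPKCS8PrivateKey(key)
}

// demo uses a freshly generated (constructed) key; &priv stands in for the
// pointer the issue says ssh.ParseRawPrivateKey returns for OpenSSH keys.
func demo() (rawPtrErr error, roundTrip, rejectsBad bool, err error) {
	_, priv, err := ed25519.GenerateKey(nil)
	if err != nil {
		return nil, false, false, err
	}
	_, rawPtrErr = x509.MarshalPKCS8PrivateKey(&priv) // unknown key type
	der, err := marshalAnyPKCS8(&priv)
	if err != nil {
		return rawPtrErr, false, false, err
	}
	parsed, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return rawPtrErr, false, false, err
	}
	back, ok := parsed.(ed25519.PrivateKey) // PKCS#8 parsing yields the value
	var nilKey *ed25519.PrivateKey
	_, e1 := marshalAnyPKCS8(nilKey)
	_, e2 := marshalAnyPKCS8(ed25519.PrivateKey{1, 2, 3})
	return rawPtrErr, ok && back.Equal(priv), e1 != nil && e2 != nil, nil
}

func main() { fmt.Println(demo()) }
```

The nil and length checks matter because a typed nil pointer or a truncated key would otherwise reach `x509.MarshalPKCS8PrivateKey` and panic instead of returning an error.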