Reputation: 6954
There is a nice essay that says the stock "ssh-keygen" creates an older, easier to crack private key, and that PKCS#8 is the way to go.
So, instead of the stock ssh-keygen approach, I want to use a new "ssh-pkcs8-gen" approach.... (not for me, for the git users who hang off my git server).
Everything I have seen discusses taking the ASN.1 output from ssh-keygen and converting it to PKCS#8. This is a lot of steps, and I don't want to make life impossible for my users.
How can I directly, in one step, create a PKCS#8 private key with openssl.exe (or a similar tool commonly distributed with Git.... I believe openssl can do it)?
Upvotes: 6
Views: 7658
Reputation: 71
On OpenSSH_8.2p1 it seems that ssh-keygen supports PKCS8 directly, e.g.:
ssh-keygen -m PKCS8 -t rsa
Upvotes: 7
Reputation: 1328982
The article "Improving the security of your SSH private key files" from Martin Kleppmann describes:
So maybe chaining the two operations together in a script would result in the right key generated in one step:
ssh-keygen -t rsa -N 'super secret passphrase' -f test_rsa_key
mv test_rsa_key test_rsa_key.old
openssl pkcs8 -topk8 -v2 des3 \
-in test_rsa_key.old -passin 'pass:super secret passphrase' \
-out test_rsa_key -passout 'pass:super secret passphrase'
Upvotes: 3
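As an added example, not part of the question or either answer above: the `ssh-keygen -m PKCS8` route in the first answer and the `ssh-keygen` plus `openssl pkcs8 -topk8` chain in the second both end with a file whose PEM header tells you what you actually got, so a server admin handing this to git users wants two things in one script: a one-step generator and a check that the result really is encrypted PKCS#8. The script below is my own; `gen_pkcs8_key` assumes `openssl` and `ssh-keygen` are on PATH and uses `openssl genpkey`, which writes PKCS#8 directly (encrypted with PBES2/PBKDF2 when a cipher such as `-aes-256-cbc` is given, so no conversion step is needed), while `classify_key_file` and `audit_key_dir` need only the files. The function and file names are my own choices. One caveat worth knowing when reading the essay the question cites: its criticism targets the traditional `BEGIN RSA PRIVATE KEY` PEM encryption; current `ssh-keygen` defaults to the `BEGIN OPENSSH PRIVATE KEY` format with a bcrypt KDF, which the classifier reports separately rather than flagging as weak.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes openssl and ssh-keygen
# are installed; classify_key_file / audit_key_dir work on any readable file.

# Classify a private-key file by its first PEM line. Prints one of:
#   pkcs8-enc    encrypted PKCS#8 (PBES2/PBKDF2) - the goal of the thread
#   pkcs8        unencrypted PKCS#8 - should not be handed to users
#   openssh-v1   modern ssh-keygen default (bcrypt KDF)
#   legacy-pem   traditional "BEGIN RSA/EC/DSA PRIVATE KEY" - the format the
#                cited essay warns about (MD5-derived key, single iteration)
#   unknown      missing file or not a PEM private key
classify_key_file() {
    header=$(head -n 1 "$1" 2>/dev/null)
    case "$header" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-enc ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh-v1 ;;
        "-----BEGIN "*" PRIVATE KEY-----")       echo legacy-pem ;;   # must stay after the two above
        *)                                       echo unknown ;;
    esac
}

# One-step generator: openssl genpkey emits PKCS#8 directly, and the cipher
# flag makes it the encrypted (PBES2 + PBKDF2) variant. The public key for
# authorized_keys is then derived with ssh-keygen -y.
#   $1 = private key path, $2 = passphrase
gen_pkcs8_key() {
    out=$1; pass=$2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 \
        -aes-256-cbc -pass "pass:$pass" -out "$out" || return 1
    chmod 600 "$out" || return 1
    ssh-keygen -y -f "$out" -P "$pass" > "$out.pub" || return 1
    # Refuse to report success unless the file really is encrypted PKCS#8.
    [ "$(classify_key_file "$out")" = pkcs8-enc ]
}

# Audit helper for the server side: list every key under a directory that is
# not encrypted PKCS#8. Returns 0 when all keys pass, 1 otherwise.
#   $1 = directory holding private keys
audit_key_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        kind=$(classify_key_file "$f")
        if [ "$kind" != pkcs8-enc ]; then
            printf '%s: %s\n' "$f" "$kind"
            rc=1
        fi
    done
    return $rc
}

# Usage (interactive):
#   gen_pkcs8_key ~/.ssh/id_rsa 'super secret passphrase' && echo "ok"
#   audit_key_dir /srv/git/keys
```

Running `classify_key_file` on the output of the second answer's `openssl pkcs8 -topk8 -v2 des3` chain also yields `pkcs8-enc`; `-v2` accepts `aes-256-cbc` as well as `des3`, and the example above uses AES because it is the stronger of the two ciphers for the same PBES2 wrapper.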