key file formats

Mar 20, 2012 at 2:20 PM
Edited Mar 20, 2012 at 2:22 PM

I am trying to sftp using keys generated by SSH Tectia Client with little success. I have a modified regex on line 28 of PrivateKeyFile.cs that seems to work with both the keys provided in the sshnet unit tests as well as with keys generated by Tectia:

        private static Regex _techtiaPrivateKeyRegex = new Regex(@"^-* ?BEGIN (?<keyName>.*) PRIVATE KEY ?-*\r?\n"
            + @"(Proc-Type: 4,ENCRYPTED\r?\n"
            + @"DEK-Info: (?<cipherName>[A-Z0-9-]+),(?<salt>[A-F0-9]+)\r?\n\r?\n)?"
            + @"(Subject:.*\r?\n?Comment:\s*\""\[(?<bits>\d+\-bit) (?<algorithm>\w+).*\""\r?\n?)?"
            + @"(?<data>([a-zA-Z0-9/+=]{1,80}\r?\n?)+)"
            + @"-* ?END \k<keyName> PRIVATE KEY ?-*"
            , RegexOptions.Compiled | RegexOptions.Multiline);

This seems to be more compliant with the RFC for public key formats (rfc4716). I later determine if "cipherName" exists, and if it does not then I use "algorithm". I am new to ssh so I know the above has room for improvement and I am curious: do you think this is a reasonable thing to do?

Below is an example dsa private key with no passphrase created by SSH Tectia Client:

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: username
Comment: "[2048-bit dsa, username@pcname, Tue Mar 20 10:16:04 2012\
]"
---- END SSH2 ENCRYPTED PRIVATE KEY ----
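
The header handling that the regex above approximates, written as a line-by-line parser (an added example, not part of the original post and not SSH.NET's code). It accepts both the PEM-style `Proc-Type`/`DEK-Info` headers and the `Subject`/`Comment` headers of the Tectia sample, including the backslash line continuation visible in the sample's `Comment`; `KeyEnvelope` and `Parse` are hypothetical names, and the sample body is constructed, not key material.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;
// Added example, not SSH.NET code; KeyEnvelope and Parse are hypothetical names.
public sealed class KeyEnvelope
{
    public string KeyName;   // "RSA", "DSA", "SSH2 ENCRYPTED", ...
    public Dictionary<string, string> Headers =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
    public byte[] Data;      // decoded base64 body
    static readonly Regex Begin = new Regex(@"^-+ ?BEGIN (?<keyName>.+) PRIVATE KEY ?-+$");
    static readonly Regex Header = new Regex(@"^(?<tag>[A-Za-z0-9-]+): ?(?<value>.*)$");

    public static KeyEnvelope Parse(string text)
    {
        string[] lines = text.Replace("\r\n", "\n").Trim().Split('\n');
        Match m = Begin.Match(lines[0]);
        if (!m.Success) throw new FormatException("missing BEGIN marker");
        var env = new KeyEnvelope { KeyName = m.Groups["keyName"].Value };
        var end = new Regex("^-+ ?END " + Regex.Escape(env.KeyName) + " PRIVATE KEY ?-+$");
        var body = new StringBuilder();
        for (int i = 1; i < lines.Length; i++)
        {
            string line = lines[i].Trim();
            // Malformed base64 makes FromBase64String throw, so bad input is rejected.
            if (end.IsMatch(line)) { env.Data = Convert.FromBase64String(body.ToString()); return env; }
            Match h = Header.Match(line);
            if (body.Length == 0 && h.Success)   // headers are only valid before the body
            {
                string value = h.Groups["value"].Value;
                // Header continuation: a trailing backslash joins the next line.
                while (value.EndsWith("\\", StringComparison.Ordinal) && i + 1 < lines.Length)
                    value = value.Substring(0, value.Length - 1) + lines[++i].Trim();
                env.Headers[h.Groups["tag"].Value] = value.Trim('"');
            }
            else body.Append(line);              // blank separator lines append nothing
        }
        throw new FormatException("missing END marker");
    }
    static void Main()
    {
        // Constructed sample in the shape of the Tectia key above; the body is not key material.
        string sample = "---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\r\nSubject: username\r\n"
            + "Comment: \"[2048-bit dsa, username@pcname, Tue Mar 20 10:16:04 2012\\\r\n]\"\r\n"
            + Convert.ToBase64String(Encoding.ASCII.GetBytes("constructed, not key material"))
            + "\r\n---- END SSH2 ENCRYPTED PRIVATE KEY ----\r\n";
        KeyEnvelope env = Parse(sample);
        Console.WriteLine("{0} | {1} | {2} bytes", env.KeyName, env.Headers["Comment"], env.Data.Length);
    }
}
```
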
Coordinator
Mar 20, 2012 at 2:41 PM

Hi,

Thanks for posting it.

I made this regex based on keys that were available to me at the time, so if you think this key will cover a bigger range of keys then I will be glad to cover them as well.

As far as I remember I did not implement SSH ENCRYPTED key, since I don't have a server that supports it that I can test against.

Please let me know if you come up with a regex that can cover both current scenarios and the Tectia server too; then I can simply update this regex in the source so it could be available to everybody.

Thanks,

Oleg

Mar 20, 2012 at 3:22 PM

Will do.  I will continue to try and test.  If (hopefully when) I have a functional Regex that works for my scenario, I will provide it to you.  If there are more unfavorable nuances in my regex please let me know.

Apr 27, 2012 at 4:09 PM
This discussion has been copied to a work item.
May 8, 2013 at 3:39 PM
Any chance support for a public SSH2 key will be included any time soon?