#1
09-17-2014, 02:22 PM
cnd
Registered User
Join Date: Sep 2014
Posts: 2
Password protected private keys do not work on Mac

I created my key like this:-

openssl dsaparam -genkey 2048 | openssl dsa -aes128 -out id_dsa_2048_openssh_format ; chmod 600 id_dsa_2048_openssh_format

It looks exactly the same as what SecureCRT keys look like:

mine:-
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,56C264AC0E5C886F8E1B55E180E681BF

KT3QbEA5speNqdV4sQQYu/cqfFawOo8U8/VhrYr2uxuQzIwArD3WVB4GV/K6omob
(snip)
VFzBsHwGwyyLVIPaD3sIdPbFC03PWPfYpiqsCftjkMyPBIBVuRLAHncqIs4MZXsa
-----END DSA PRIVATE KEY-----

SecureCRT-generated one:-
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,56C264AC0E5C886F8E1B55E180E681BF

KT3QbEA5speNqdV4sQQYu/cqfFawOo8U8/VhrYr2uxuQzIwArD3WVB4GV/K6omob
(snip)
VFzBsHwGwyyLVIPaD3sIdPbFC03PWPfYpiqsCftjkMyPBIBVuRLAHncqIs4MZXsa
-----END DSA PRIVATE KEY-----

However - when SecureCRT tries to use the openssh key, it asks me for my password, and tells me I've typed the wrong password.

No - I did not type the wrong password, and yes, I know what the "caps lock" does.

FYI - I also tried DES and every other possible key format, with a variety of different key bitsizes - nothing works (and a few crash SecureCRT entirely, like, when I choose no password at all for example).

What's the deal? This looks like a bug in how SecureCRT is passing the password to the algs below - like maybe not padding it right, or not terminating it right, or something.

How can I generate protected keys for distribution to my EC2 / AMI appliance customers? (and no - they can not upload them to me, so don't go there).

I'm using v7.0.1 on OSX 64

#2
09-17-2014, 05:35 PM
rtb
VanDyke Technical Support
Join Date: Aug 2008
Posts: 4,306
Hi cnd,
Quote:
However - when SecureCRT tries to use the openssh key, it asks me for my password, and tells me I've typed the wrong password.
Thanks for the post. I was able to reproduce the behavior you have reported using a key generated by the OpenSSL command you posted.

We are investigating the behavior. I will post here when we have more questions or information.

As to the crashes, please send an email to support@vandyke.com so we can investigate the problems. In the subject line use Attn: Todd - Forum thread 11698.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

#3
09-17-2014, 11:26 PM
cnd
Registered User
Join Date: Sep 2014
Posts: 2
FYI - updated to 7.2.6 - same problem

7.2.6 also can't get the password right.

Keys without passwords produce this error popup:-

could not load the public key from the private key (filename) - Unexpected crypto++ exception: CryptoMaterial: this object contains invalid values

#4
09-18-2014, 11:20 AM
rtb
VanDyke Technical Support
Join Date: Aug 2008
Posts: 4,306
Hi cnd,

Thanks for the additional test. Since 7.0 is no longer in active development, I tested using 7.3 beta 3 where I saw the same behavior you saw in 7.0. I made a note that you see a different issue in 7.2.6.

I will post an update when I have more information.

#5
12-17-2014, 04:44 PM
Maureen
VanDyke Product Director
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,567
Quote:
Originally Posted by cnd
I created my key like this:-

openssl dsaparam -genkey 2048 | openssl dsa -aes128 -out id_dsa_2048_openssh_format ; chmod 600 id_dsa_2048_openssh_format

<snip>

How can I generate protected keys for distribution to my EC2 / AMI appliance customers? (and no - they can not upload them to me, so don't go there).

I'm using v7.0.1 on OSX 64
Due to export restrictions, SecureCRT cannot use DSA keys larger than 1024 bits. In the above command line, if you replace "2048" with "1024", the keys should work.

If you'd like to use larger keys and your EC2 / AMI works with RSA keys, SecureCRT version 7.3 and later will work with RSA keys up to 16384 bits.

Maureen
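
A pre-distribution check for the size limits given in the reply above, as an added example (not code from this thread or from VanDyke): it reads the first key parameter of an unencrypted traditional-format PEM private key and compares it with the 1024-bit DSA and 16384-bit RSA limits stated here. The names `check_key` and `make_sample` and the sample keys are constructed for illustration; a passphrase-protected key is reported as encrypted because its body is ciphertext.

```python
import base64
import textwrap

DSA_MAX_BITS = 1024    # SecureCRT DSA limit stated in this thread
RSA_MAX_BITS = 16384   # SecureCRT 7.3+ RSA limit stated in this thread

def _read_len(buf, i):
    """Decode a DER length starting at buf[i]; return (length, next index)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    k = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + k], "big"), i + 1 + k

def _write_len(n):
    """Encode a DER length (short or long form)."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def make_sample(kind, bits):
    """Build a constructed, non-functional PEM whose p (DSA) or n (RSA) has `bits` bits."""
    body = b""
    for v in (0, (1 << (bits - 1)) | 1, 3, 2, 5, 7):  # dummy parameters
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
        body += b"\x02" + _write_len(len(raw)) + raw
    der = b"\x30" + _write_len(len(body)) + body
    b64 = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return f"-----BEGIN {kind} PRIVATE KEY-----\n{b64}\n-----END {kind} PRIVATE KEY-----\n"

def check_key(pem):
    """Return (kind, bits, verdict) for a traditional-format PEM private key."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    kind = lines[0].replace("-----BEGIN ", "").replace(" PRIVATE KEY-----", "")
    if kind not in ("DSA", "RSA"):
        raise ValueError("expected a DSA or RSA PRIVATE KEY block")
    if "Proc-Type: 4,ENCRYPTED" in lines:
        return kind, None, "encrypted"  # body is ciphertext; decrypt to inspect
    der = base64.b64decode("".join(lines[1:-1]))
    _, i = _read_len(der, 1)  # skip the outer SEQUENCE header
    for _ in range(2):        # INTEGER version, then INTEGER p (DSA) or n (RSA)
        if der[i] != 0x02:
            raise ValueError("expected DER INTEGER")
        n, i = _read_len(der, i + 1)
        value, i = int.from_bytes(der[i:i + n], "big"), i + n
    bits = value.bit_length()
    limit = DSA_MAX_BITS if kind == "DSA" else RSA_MAX_BITS
    return kind, bits, "ok" if bits <= limit else "too large"
```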