A Look into Securing SSH Identities

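$ cat rsa-key-PEM
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

$ cat rsa-key-RFC4716
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbm…

#! /bin/bash
# Path to the private key to test
key="<Path/to/Key>"
# No TTY (setsid), no stdin and an empty environment: ssh-keygen cannot prompt
# for a passphrase, so it succeeds only when the key is unencrypted.
if output="$(setsid </dev/null 2>&1 env -i ssh-keygen -y -f "$key")";
then
    echo "Unencrypted private key!"
    echo "$output"
else
    echo "$output"
fi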
$ ls -l
-rw------- 1 user user 1876 Dec 5 08:11 rsa-test
-rw------- 1 user user 1876 Dec 5 08:53 rsa-test2
-rw------- 1 user user 1876 Dec 7 15:38 rsa-test3
-rw------- 1 user user 1823 Dec 5 08:13 rsa-test-nopass
-rw------- 1 user user 1823 Dec 6 11:14 rsa-test-nopass1
-rw------- 1 user user 1823 Dec 7 09:33 rsa-test-nopass2
-rw------- 1 user user 1823 Dec 7 13:46 rsa-test-nopass3

OpenSSH_7.9p1, LibreSSL 2.7.3
Printing results. All values are in bytes
[encrypted-key, key size, unencrypted-key, key size, difference between encrypted/unencrypted keys
dsa results:
['dsa-1024-pass', 1434, 'dsa-1024-nopass', 1393, 41]
ecdsa results:
['ecdsa-256-pass', 557, 'ecdsa-256-nopass', 513, 44]
['ecdsa-384-pass', 667, 'ecdsa-384-nopass', 622, 45]
['ecdsa-521-pass', 801, 'ecdsa-521-nopass', 748, 53]
rsa results:
['rsa-1024-pass', 1097, 'rsa-1024-nopass', 1052, 45]
['rsa-2048-pass', 1876, 'rsa-2048-nopass', 1831, 45]
['rsa-3072-pass', 2655, 'rsa-3072-nopass', 2610, 45]
['rsa-4096-pass', 3434, 'rsa-4096-nopass', 3389, 45]
['rsa-8192-pass', 6550, 'rsa-8192-nopass', 6505, 45]
['rsa-16384-pass', 12782, 'rsa-16384-nopass', 12737, 45]
Ed25519 results:
['Ed25519-256-pass', 464, 'Ed25519-256-nopass', 419, 45]

OpenSSH_8.0p1 Ubuntu-6build1, OpenSSL 1.1.1c  28 May 2019
Printing results. All values are in bytes
[encrypted-key, key size, unencrypted-key, key size, difference between encrypted/unencrypted keys
dsa results:
['dsa-1024-pass', 1434, 'dsa-1024-nopass', 1381, 53]
ecdsa results:
['ecdsa-256-pass', 557, 'ecdsa-256-nopass', 505, 52]
['ecdsa-384-pass', 667, 'ecdsa-384-nopass', 610, 57]
['ecdsa-521-pass', 781, 'ecdsa-521-nopass', 736, 45]
rsa results:
['rsa-1024-pass', 1097, 'rsa-1024-nopass', 1044, 53]
['rsa-2048-pass', 1876, 'rsa-2048-nopass', 1823, 53]
['rsa-3072-pass', 2655, 'rsa-3072-nopass', 2602, 53]
['rsa-4096-pass', 3434, 'rsa-4096-nopass', 3381, 53]
['rsa-8192-pass', 6550, 'rsa-8192-nopass', 6497, 53]
['rsa-16384-pass', 12782, 'rsa-16384-nopass', 12729, 53]
Ed25519 results:
['Ed25519-256-pass', 464, 'Ed25519-256-nopass', 411, 53]
