[Prev] Thread [Next]  |  [Prev] Date [Next]

Re: [JSch-users] Problem with using a AES-256-CBC private key for authentification Atsuhiko Yamanaka Wed Oct 22 08:00:56 2008


   +-From: <[EMAIL PROTECTED]> ----------
   |_Date: Wed, 22 Oct 2008 12:33:17 +0200 __
   |I try to connect to a SFTP-Server with a AES-256-CBC private key 
   |using a passphrase.
   |If I run this, I get (things between [] are manually replaced for
   |this mail only):
   |privateKey: -----BEGIN DSA PRIVATE KEY-----
   |Proc-Type: 4,ENCRYPTED
   |DEK-Info: AES-256-CBC,76575591709273D449EAFE15513FBCEF
   |[...key in base64 encoding...]
   |-----END DSA PRIVATE KEY-----

It is interesting.
JSch has only supported the private key ciphered by 3DES,
because OpenSSH's ssh-keygen usually generates keys with 3DES.
How did you generate that key?  If I can generate such a key by myself,
I'll be able to support it.

By the way, AES-256 is not available on usual JRE.  
Here is a quote from JSch's README,

  >AES cipher
  >Since version 0.1.21, jsch can support aes128-cbc,aes192-cbc,aes256-cbc,
  >but you require AES support on your J2SE to choose some of them.  
  >If you are using Sun's J2SE, J2SE 1.4.2 or later is required.  
  >And then, J2SE 1.4.2(or later) does not support aes256 by the default, 
  >because of 'import control restrictions of some countries'.
  >We have confirmed that by applying
  >  "Java Cryptography Extension (JCE)
  >  Unlimited Strength Jurisdiction Policy Files 1.4.2"
  >  http://java.sun.com/j2se/1.4.2/download.html#docs
  >we can enjoy 'aes256-cbc'.

Atsuhiko Yamanaka
SENDAI, MIYAGI 980-0014 Japan.
Tel +81-22-723-2150
Fax +81-22-224-8773
Skype callto://jcraft/

This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
JSch-users mailing list