Package org.apache.sshd.putty
Interface PuttyKeyPairResourceParser<PUB extends PublicKey,PRV extends PrivateKey>
- Type Parameters:
PUB - Generic public key type
PRV - Generic private key type
- All Superinterfaces:
IdentityResourceLoader<PUB,PRV>, KeyPairResourceLoader, KeyPairResourceParser, KeyTypeNamesSupport
- All Known Implementing Classes:
AbstractPuttyKeyDecoder, DSSPuttyKeyDecoder, ECDSAPuttyKeyDecoder, EdDSAPuttyKeyDecoder, RSAPuttyKeyDecoder
public interface PuttyKeyPairResourceParser<PUB extends PublicKey,PRV extends PrivateKey>
extends IdentityResourceLoader<PUB,PRV>, KeyPairResourceParser
Loads a KeyPair from PuTTY's ".ppk" file.
Note(s):
- The file appears to be a text file, but it doesn't have a fixed encoding like UTF-8. We use UTF-8 as the default encoding; since the important part is all ASCII, this shouldn't really hurt the interpretation of the key.
- Based on code from Kohsuke's Trilead Putty Extension.
- Encrypted keys require AES-256-CBC support, which is available only if the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are installed.
Sample PuTTY file format
PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20080514
Public-Lines: 4
AAAAB3NzaC1yc2EAAAABJQAAAIEAiPVUpONjGeVrwgRPOqy3Ym6kF/f8bltnmjA2
BMdAtaOpiD8A2ooqtLS5zWYuc0xkW0ogoKvORN+RF4JI+uNUlkxWxnzJM9JLpnvA
HrMoVFaQ0cgDMIHtE1Ob1cGAhlNInPCRnGNJpBNcJ/OJye3yt7WqHP4SPCCLb6nL
nmBUrLM=
Private-Lines: 8
AAAAgGtYgJzpktzyFjBIkSAmgeVdozVhgKmF6WsDMUID9HKwtU8cn83h6h7ug8qA
hUWcvVxO201/vViTjWVz9ALph3uMnpJiuQaaNYIGztGJBRsBwmQW9738pUXcsUXZ
79KJP01oHn6Wkrgk26DIOsz04QOBI6C8RumBO4+F1WdfueM9AAAAQQDmA4hcK8Bx
nVtEpcF310mKD3nsbJqARdw5NV9kCxPnEsmy7Sy1L4Ob/nTIrynbc3MA9HQVJkUz
7V0va5Pjm/T7AAAAQQCYbnG0UEekwk0LG1Hkxh1OrKMxCw2KWMN8ac3L0LVBg/Tk
8EnB2oT45GGeJaw7KzdoOMFZz0iXLsVLNUjNn2mpAAAAQQCN6SEfWqiNzyc/w5n/
lFVDHExfVUJp0wXv+kzZzylnw4fs00lC3k4PZDSsb+jYCMesnfJjhDgkUA0XPyo8
Emdk
Private-MAC: 50c45751d18d74c00fca395deb7b7695e3ed6f77
Field Summary
Fields
Modifier and Type, Field, Description
static final int - PUTTY key v3 MAC key length
static final String
static final String - Value (case insensitive) used to denote that private key is not encrypted
static final String
static final String
static final String
Fields inherited from interface org.apache.sshd.common.config.keys.IdentityResourceLoader
MAX_BIGINT_OCTETS_COUNT
Fields inherited from interface org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader
MAX_CIPHER_NAME_LENGTH, MAX_KEY_COMMENT_LENGTH, MAX_KEY_TYPE_NAME_LENGTH, MAX_PRIVATE_KEY_DATA_SIZE, MAX_PUBLIC_KEY_DATA_SIZE
Fields inherited from interface org.apache.sshd.common.config.keys.loader.KeyPairResourceParser
EMPTY
Method Summary
Modifier and Type, Method, Description
default boolean canExtractKeyPairs(NamedResource resourceKey, List<String> lines)
static void decodeEncryptionKey(int formatVersion, String passphrase, byte[] iv, byte[] key, Map<String, String> headers)
Converts a pass-phrase into a key, by following the conventions that PuTTY uses.
static byte[] decodePrivateKeyBytes(byte[] encBytes, String cipherName, String cipherMode, int numBits, byte[] initVector, byte[] keyValue)
static byte[] decodePrivateKeyBytes(int formatVersion, byte[] prvBytes, String algName, int numBits, String algMode, String password, Map<String, String> headers)
static void deriveFormat2EncryptionKey(String passphrase, byte[] iv, byte[] key)
Uses the "legacy" KDF via SHA-1
static void deriveFormat3EncryptionKey(String passphrase, String keyDerivationType, byte[] iv, byte[] key, Map<String, String> headers)
static byte[] getHexArrayHeaderValue(Map<String, String> headers, String key)
static int getIntegerHeaderValue(Map<String, String> headers, String key)
static String getStringHeaderValue(Map<String, String> headers, String key)
Methods inherited from interface org.apache.sshd.common.config.keys.IdentityResourceLoader
getPrivateKeyType, getPublicKeyType
Methods inherited from interface org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader
loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs
Methods inherited from interface org.apache.sshd.common.config.keys.KeyTypeNamesSupport
getSupportedKeyTypes
Field Details
KEY_FILE_HEADER_PREFIX
PUBLIC_LINES_HEADER
PRIVATE_LINES_HEADER
PPK_FILE_SUFFIX
KNOWN_HEADERS
NO_PRIVATE_KEY_ENCRYPTION_VALUE
Value (case insensitive) used to denote that private key is not encrypted
FORMAT_3_MAC_KEY_LENGTH
static final int FORMAT_3_MAC_KEY_LENGTH
PUTTY key v3 MAC key length
Method Details
canExtractKeyPairs
default boolean canExtractKeyPairs(NamedResource resourceKey, List<String> lines) throws IOException, GeneralSecurityException
- Specified by:
canExtractKeyPairs in interface KeyPairResourceParser
- Parameters:
resourceKey - A hint as to the origin of the text lines
lines - The resource lines
- Returns:
true if the parser can extract some key pairs from the lines
- Throws:
IOException - If failed to process the lines
GeneralSecurityException - If failed to extract information regarding the possibility to extract the key pairs
decodePrivateKeyBytes
static byte[] decodePrivateKeyBytes(int formatVersion, byte[] prvBytes, String algName, int numBits, String algMode, String password, Map<String, String> headers) throws GeneralSecurityException
- Throws:
GeneralSecurityException
decodePrivateKeyBytes
static byte[] decodePrivateKeyBytes(byte[] encBytes, String cipherName, String cipherMode, int numBits, byte[] initVector, byte[] keyValue) throws GeneralSecurityException
- Throws:
GeneralSecurityException
decodeEncryptionKey
static void decodeEncryptionKey(int formatVersion, String passphrase, byte[] iv, byte[] key, Map<String, String> headers) throws GeneralSecurityException
Converts a pass-phrase into a key, by following the conventions that PuTTY uses. Used to decrypt the private key when it's encrypted.
- Parameters:
formatVersion - The file format version
passphrase - The Password to be used as seed for the key - ignored if null/empty
iv - Initialization vector to be populated if necessary
key - Key to be populated
headers - Any extra headers found in the PPK file that might be used for KDF
- Throws:
GeneralSecurityException - If cannot derive the key bytes from the password
deriveFormat3EncryptionKey
static void deriveFormat3EncryptionKey(String passphrase, String keyDerivationType, byte[] iv, byte[] key, Map<String, String> headers) throws GeneralSecurityException
- Throws:
GeneralSecurityException
getStringHeaderValue
getHexArrayHeaderValue
getIntegerHeaderValue
deriveFormat2EncryptionKey
static void deriveFormat2EncryptionKey(String passphrase, byte[] iv, byte[] key) throws GeneralSecurityException
Uses the "legacy" KDF via SHA-1
- Parameters:
passphrase - The Password to be used as seed for the key - ignored if null/empty
iv - Initialization vector to be populated if necessary
key - Key to be populated
- Throws:
GeneralSecurityException - If cannot retrieve SHA-1 digest
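The format-2 derivation that decodeEncryptionKey and deriveFormat2EncryptionKey describe, followed by the AES-256-CBC step, as an added example written against the plain JDK; it is not the Apache MINA SSHD source. The class name, helper names, passphrase and blob are constructed for illustration, and encoding the passphrase as UTF-8 is an assumption. The derivation is two unsalted SHA-1 digests with no iteration count, so the strength of an encrypted format-2 file rests entirely on the passphrase.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class PpkV2KdfExample { // hypothetical class, not part of org.apache.sshd.putty
    // PuTTY format-2 convention: key = SHA1(uint32(0) || pass) || SHA1(uint32(1) || pass),
    // truncated to key.length; the IV is all zeros. No salt, no iteration count.
    static void deriveFormat2Key(String passphrase, byte[] iv, byte[] key)
            throws GeneralSecurityException {
        Arrays.fill(iv, (byte) 0);
        Arrays.fill(key, (byte) 0);
        if (passphrase == null || passphrase.isEmpty()) {
            return; // null/empty passphrase is ignored, as the parameter docs state
        }
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] pass = passphrase.getBytes(StandardCharsets.UTF_8); // assumed encoding
        for (int counter = 0, off = 0; off < key.length; counter++) {
            sha1.update(new byte[] {0, 0, 0, (byte) counter}); // big-endian uint32
            byte[] digest = sha1.digest(pass); // digest() also resets the hash
            int n = Math.min(digest.length, key.length - off);
            System.arraycopy(digest, 0, key, off, n);
            off += n;
        }
        Arrays.fill(pass, (byte) 0); // do not leave passphrase bytes in memory
    }

    static byte[] aes256Cbc(int mode, byte[] data, byte[] key, byte[] iv)
            throws GeneralSecurityException {
        // PuTTY pads the private blob itself, so the cipher runs without padding.
        Cipher c = Cipher.getInstance("AES/CBC/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] iv = new byte[16], key = new byte[32];
        deriveFormat2Key("constructed-passphrase", iv, key); // constructed sample value
        byte[] blob = new byte[32]; // constructed stand-in for a padded private blob
        Arrays.fill(blob, (byte) 0x42);
        byte[] enc = aes256Cbc(Cipher.ENCRYPT_MODE, blob, key, iv);
        byte[] dec = aes256Cbc(Cipher.DECRYPT_MODE, enc, key, iv);
        System.out.println("round trip ok: " + Arrays.equals(blob, dec));
    }
}
```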