authorRobey Pointer <robey@lag.net>2004-04-06 22:03:21 +0000
committerRobey Pointer <robey@lag.net>2004-04-06 22:03:21 +0000
commit68c8a9b2e69f0d5f4f350b26ac1998d26a22dac4 (patch)
tree66ebb9e5f894b4dc27b4875b10d62aa3e8f7a092
parent945a41dd3d2cf7f3d37012c588d8eb07bcc296b2 (diff)
[project @ Arch-1:robey@lag.net--2003-public%secsh--dev--1.0--patch-43]
fix encrypted private key files
the random byte padding on private key files' BER data was confusing openssh, so switch to null-byte padding, which is slightly less secure but works with crappy old openssh. also, enforce the mode when writing the private key file. we really really want it to be 0600. (python seems to ignore the mode normally.)
-rw-r--r--paramiko/pkey.py8
1 files changed, 6 insertions, 2 deletions
diff --git a/paramiko/pkey.py b/paramiko/pkey.py
index b812c89e..7b8afcb8 100644
--- a/paramiko/pkey.py
+++ b/paramiko/pkey.py
@@ -22,7 +22,7 @@
Common API for all public keys.
"""
-import base64
+import os, base64
from Crypto.Hash import MD5
from Crypto.Cipher import DES3
@@ -301,6 +301,8 @@ class PKey (object):
@raise IOError: if there was an error writing the file.
"""
f = open(filename, 'w', 0600)
+ # grrr... the mode doesn't always take hold
+ os.chmod(filename, 0600)
f.write('-----BEGIN %s PRIVATE KEY-----\n' % tag)
if password is not None:
# since we only support one cipher here, use it
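Review bot: The third positional argument of the built-in `open()` in the context line `f = open(filename, 'w', 0600)` is the buffer size, not a permission mode, so the file is still created with umask-default permissions and only narrowed afterwards by the added `os.chmod(filename, 0600)`. Between the two calls the private key file can exist with wider permissions, and a descriptor opened by another process in that window stays usable after the chmod. Creating the file with the mode already applied avoids this: `fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` followed by `f = os.fdopen(fd, 'w')`. The `os.chmod` is still worth keeping to tighten a file that already existed, and its comment could say that instead of "the mode doesn't always take hold". The method body starts above this hunk and continues below it.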
@@ -313,7 +315,9 @@ class PKey (object):
key = util.generate_key_bytes(MD5, salt, password, keysize)
if len(data) % blocksize != 0:
n = blocksize - len(data) % blocksize
- data += randpool.get_bytes(n)
+ #data += randpool.get_bytes(n)
+ # that would make more sense ^, but it confuses openssh.
+ data += '\0' * n
data = cipher.new(key, mode, salt).encrypt(data)
f.write('Proc-Type: 4,ENCRYPTED\n')
f.write('DEK-Info: %s,%s\n' % (cipher_name, util.hexify(salt)))
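Review bot: The commented-out `#data += randpool.get_bytes(n)` is dead code and should be dropped, with the comment recording the trade-off that the commit message states but the code does not. Something like `# pad with NUL bytes: random padding after the BER data confused openssh (fixed padding is slightly weaker)` tells the next reader why the padding is deterministic. Padding is also only added when `len(data) % blocksize != 0`; whether consumers of this file format expect a padding block on already aligned data is not visible here and is worth confirming against openssh. The enclosing method starts above the hunk.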