Opened 7 months ago

Closed 7 months ago

#9681 defect closed fixed (fixed)

Wrong iqmp parameter in serialised RSA private keys

Reported by: Colin Watson Owned by: Glyph
Priority: normal Milestone:
Component: conch Keywords:
Cc: Branch:
Author:

Description (last modified by Colin Watson)

Conch serialises RSA private keys for OpenSSH and LSH with the "iqmp" parameter set to p-1 mod q, but OpenSSH and LSH both expect that to be q-1 mod p. Prior to the fix in #9518, p and q were sometimes swapped causing this to end up being accidentally correct anyway; but we should really write out the correct value.

(I noticed this when working on a branch to add support for writing OpenSSH's newish "v1" private key format.)

Change History (4)

comment:1 Changed 7 months ago by Colin Watson

Keywords: review added

https://github.com/twisted/twisted/pull/1171

comment:2 Changed 7 months ago by Colin Watson

Description: modified (diff)

comment:3 Changed 7 months ago by Glyph

Keywords: review removed
Owner: set to Glyph

Looks like this is correct, so I will land. Thanks for your contribution!

comment:4 Changed 7 months ago by Glyph <glyph@…>

Resolution: fixed
Status: newclosed

In 51943386:

Merge pull request #1171 from cjwatson/9681-conch-rsa-iqmp

Author: cjwatson

Reviewer: glyph, reaperhulk

Fixes: ticket:9681

Fix iqmp parameter in serialized RSA private keys

Note: See TracTickets for help on using tickets.