Package org.apache.sshd.putty

Interface PuttyKeyPairResourceParser<PUB extends java.security.PublicKey,PRV extends java.security.PrivateKey>

Type Parameters:

PUB - Generic public key type

PRV - Generic private key type

All Superinterfaces:

IdentityResourceLoader<PUB,PRV>, KeyPairResourceLoader, KeyPairResourceParser, KeyTypeNamesSupport

All Known Implementing Classes:

AbstractPuttyKeyDecoder, DSSPuttyKeyDecoder, ECDSAPuttyKeyDecoder, EdDSAPuttyKeyDecoder, RSAPuttyKeyDecoder

public interface PuttyKeyPairResourceParser<PUB extends java.security.PublicKey,PRV extends java.security.PrivateKey>
extends IdentityResourceLoader<PUB,PRV>, KeyPairResourceParser

Loads a KeyPair from PuTTY's ".ppk" file.

Note(s):

• The file appears to be a text file but it doesn't have a fixed encoding like UTF-8. We use UTF-8 as the default encoding - since the important part is all ASCII, this shouldn't really hurt the interpretation of the key.
• Based on code from Kohsuke's Trilead Putty Extension
• Encrypted keys requires AES-256-CBC support, which is available only if the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are installed

Sample PuTTY file format

 PuTTY-User-Key-File-2: ssh-rsa
 Encryption: none
 Comment: rsa-key-20080514
 Public-Lines: 4
 AAAAB3NzaC1yc2EAAAABJQAAAIEAiPVUpONjGeVrwgRPOqy3Ym6kF/f8bltnmjA2
 BMdAtaOpiD8A2ooqtLS5zWYuc0xkW0ogoKvORN+RF4JI+uNUlkxWxnzJM9JLpnvA
 HrMoVFaQ0cgDMIHtE1Ob1cGAhlNInPCRnGNJpBNcJ/OJye3yt7WqHP4SPCCLb6nL
 nmBUrLM=
 Private-Lines: 8
 AAAAgGtYgJzpktzyFjBIkSAmgeVdozVhgKmF6WsDMUID9HKwtU8cn83h6h7ug8qA
 hUWcvVxO201/vViTjWVz9ALph3uMnpJiuQaaNYIGztGJBRsBwmQW9738pUXcsUXZ
 79KJP01oHn6Wkrgk26DIOsz04QOBI6C8RumBO4+F1WdfueM9AAAAQQDmA4hcK8Bx
 nVtEpcF310mKD3nsbJqARdw5NV9kCxPnEsmy7Sy1L4Ob/nTIrynbc3MA9HQVJkUz
 7V0va5Pjm/T7AAAAQQCYbnG0UEekwk0LG1Hkxh1OrKMxCw2KWMN8ac3L0LVBg/Tk
 8EnB2oT45GGeJaw7KzdoOMFZz0iXLsVLNUjNn2mpAAAAQQCN6SEfWqiNzyc/w5n/
 lFVDHExfVUJp0wXv+kzZzylnw4fs00lC3k4PZDSsb+jYCMesnfJjhDgkUA0XPyo8
 Emdk
 Private-MAC: 50c45751d18d74c00fca395deb7b7695e3ed6f77
 

Field Summary

Fields

Modifier and Type	Field	Description
static int	FORMAT_3_MAC_KEY_LENGTH	PUTTY key v3 MAC key length
static java.lang.String	KEY_FILE_HEADER_PREFIX
static java.util.List<java.lang.String>	KNOWN_HEADERS
static java.lang.String	NO_PRIVATE_KEY_ENCRYPTION_VALUE	Value (case insensitive) used to denote that private key is not encrypted
static java.lang.String	PPK_FILE_SUFFIX
static java.lang.String	PRIVATE_LINES_HEADER
static java.lang.String	PUBLIC_LINES_HEADER

Fields inherited from interface org.apache.sshd.common.config.keys.IdentityResourceLoader

MAX_BIGINT_OCTETS_COUNT

Fields inherited from interface org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader

MAX_CIPHER_NAME_LENGTH, MAX_KEY_COMMENT_LENGTH, MAX_KEY_TYPE_NAME_LENGTH, MAX_PRIVATE_KEY_DATA_SIZE, MAX_PUBLIC_KEY_DATA_SIZE

Fields inherited from interface org.apache.sshd.common.config.keys.loader.KeyPairResourceParser

EMPTY

Method Summary

Modifier and Type	Method	Description
default boolean	canExtractKeyPairs(NamedResource resourceKey, java.util.List<java.lang.String> lines)
static void	decodeEncryptionKey(int formatVersion, java.lang.String passphrase, byte[] iv, byte[] key, java.util.Map<java.lang.String,java.lang.String> headers)	Converts a pass-phrase into a key, by following the conventions that PuTTY uses.
static byte[]	decodePrivateKeyBytes(byte[] encBytes, java.lang.String cipherName, java.lang.String cipherMode, int numBits, byte[] initVector, byte[] keyValue)
static byte[]	decodePrivateKeyBytes(int formatVersion, byte[] prvBytes, java.lang.String algName, int numBits, java.lang.String algMode, java.lang.String password, java.util.Map<java.lang.String,java.lang.String> headers)
static void	deriveFormat2EncryptionKey(java.lang.String passphrase, byte[] iv, byte[] key)	Uses the "legacy" KDF via SHA-1
static void	deriveFormat3EncryptionKey(java.lang.String passphrase, java.lang.String keyDerivationType, byte[] iv, byte[] key, java.util.Map<java.lang.String,java.lang.String> headers)
static byte[]	getHexArrayHeaderValue(java.util.Map<java.lang.String,java.lang.String> headers, java.lang.String key)
static int	getIntegerHeaderValue(java.util.Map<java.lang.String,java.lang.String> headers, java.lang.String key)
static java.lang.String	getStringHeaderValue(java.util.Map<java.lang.String,java.lang.String> headers, java.lang.String key)

Methods inherited from interface org.apache.sshd.common.config.keys.IdentityResourceLoader

getPrivateKeyType, getPublicKeyType

Methods inherited from interface org.apache.sshd.common.config.keys.loader.KeyPairResourceLoader

loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs, loadKeyPairs

Methods inherited from interface org.apache.sshd.common.config.keys.KeyTypeNamesSupport

getSupportedKeyTypes

Field Detail

KEY_FILE_HEADER_PREFIX

static final java.lang.String KEY_FILE_HEADER_PREFIX

See Also:

Constant Field Values

PUBLIC_LINES_HEADER

static final java.lang.String PUBLIC_LINES_HEADER

See Also:

Constant Field Values

PRIVATE_LINES_HEADER

static final java.lang.String PRIVATE_LINES_HEADER

See Also:

Constant Field Values

PPK_FILE_SUFFIX

static final java.lang.String PPK_FILE_SUFFIX

See Also:

Constant Field Values

KNOWN_HEADERS

static final java.util.List<java.lang.String> KNOWN_HEADERS

NO_PRIVATE_KEY_ENCRYPTION_VALUE

static final java.lang.String NO_PRIVATE_KEY_ENCRYPTION_VALUE

Value (case insensitive) used to denote that private key is not encrypted

See Also:

Constant Field Values

FORMAT_3_MAC_KEY_LENGTH

static final int FORMAT_3_MAC_KEY_LENGTH

PUTTY key v3 MAC key length

See Also:

Constant Field Values

Method Detail

canExtractKeyPairs

default boolean canExtractKeyPairs(NamedResource resourceKey,
                                   java.util.List<java.lang.String> lines)
                            throws java.io.IOException,
                                   java.security.GeneralSecurityException

Specified by:

canExtractKeyPairs in interface KeyPairResourceParser

Parameters:

resourceKey - A hint as to the origin of the text lines

lines - The resource lines

Returns:

true if the parser can extract some key pairs from the lines

Throws:

java.io.IOException - If failed to process the lines

java.security.GeneralSecurityException - If failed to extract information regarding the possibility to extract the key pairs

decodePrivateKeyBytes

static byte[] decodePrivateKeyBytes(int formatVersion,
                                    byte[] prvBytes,
                                    java.lang.String algName,
                                    int numBits,
                                    java.lang.String algMode,
                                    java.lang.String password,
                                    java.util.Map<java.lang.String,java.lang.String> headers)
                             throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

decodePrivateKeyBytes

static byte[] decodePrivateKeyBytes(byte[] encBytes,
                                    java.lang.String cipherName,
                                    java.lang.String cipherMode,
                                    int numBits,
                                    byte[] initVector,
                                    byte[] keyValue)
                             throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

decodeEncryptionKey

static void decodeEncryptionKey(int formatVersion,
                                java.lang.String passphrase,
                                byte[] iv,
                                byte[] key,
                                java.util.Map<java.lang.String,java.lang.String> headers)
                         throws java.security.GeneralSecurityException

Converts a pass-phrase into a key, by following the conventions that PuTTY uses. Used to decrypt the private key when it's encrypted.

Parameters:

formatVersion - The file format version

passphrase - The Password to be used as seed for the key - ignored if null/empty

iv - Initialization vector to be populated if necessary

key - Key to be populated

headers - Any extra headers found in the PPK file that might be used for KDF

Throws:

java.security.GeneralSecurityException - If cannot derive the key bytes from the password

deriveFormat3EncryptionKey

static void deriveFormat3EncryptionKey(java.lang.String passphrase,
                                       java.lang.String keyDerivationType,
                                       byte[] iv,
                                       byte[] key,
                                       java.util.Map<java.lang.String,java.lang.String> headers)
                                throws java.security.GeneralSecurityException

Throws:

java.security.GeneralSecurityException

getStringHeaderValue

static java.lang.String getStringHeaderValue(java.util.Map<java.lang.String,java.lang.String> headers,
                                             java.lang.String key)

getHexArrayHeaderValue

static byte[] getHexArrayHeaderValue(java.util.Map<java.lang.String,java.lang.String> headers,
                                     java.lang.String key)

getIntegerHeaderValue

static int getIntegerHeaderValue(java.util.Map<java.lang.String,java.lang.String> headers,
                                 java.lang.String key)

deriveFormat2EncryptionKey

static void deriveFormat2EncryptionKey(java.lang.String passphrase,
                                       byte[] iv,
                                       byte[] key)
                                throws java.security.GeneralSecurityException

Uses the "legacy" KDF via SHA-1

Parameters:

passphrase - The Password to be used as seed for the key - ignored if null/empty

iv - Initialization vector to be populated if necessary

key - Key to be populated

Throws:

java.security.GeneralSecurityException - If cannot retrieve SHA-1 digest

See Also:

How does Putty derive the encryption key in its .ppk format ?