ret->encrypted = 0;
memset(ret->iv, 0, sizeof(ret->iv));
- fp = f_open(*filename, "r", FALSE);
+ fp = f_open(filename, "r", FALSE);
if (!fp) {
errmsg = "unable to open key file";
goto error;
* - let block B equal MD5(A || passphrase || iv)
* - block C would be MD5(B || passphrase || iv) and so on
* - encryption key is the first N bytes of A || B
+ *
+ * (Note that only 8 bytes of the iv are used for key
+ * derivation, even when the key is encrypted with AES and
+ * hence there are 16 bytes available.)
*/
struct MD5Context md5c;
unsigned char keybuf[32];
/*
* Encrypt the key.
+ *
+ * For the moment, we still encrypt our OpenSSH keys using
+ * old-style 3DES.
*/
if (passphrase) {
/*
* And save it. We'll use Unix line endings just in case it's
* subsequently transferred in binary mode.
*/
- fp = f_open(*filename, "wb", TRUE); /* ensure Unix line endings */
+ fp = f_open(filename, "wb", TRUE); /* ensure Unix line endings */
if (!fp)
goto error;
fputs(header, fp);
ret->keyblob = NULL;
ret->keyblob_len = ret->keyblob_size = 0;
- fp = f_open(*filename, "r", FALSE);
+ fp = f_open(filename, "r", FALSE);
if (!fp) {
errmsg = "unable to open key file";
goto error;
* And save it. We'll use Unix line endings just in case it's
* subsequently transferred in binary mode.
*/
- fp = f_open(*filename, "wb", TRUE); /* ensure Unix line endings */
+ fp = f_open(filename, "wb", TRUE); /* ensure Unix line endings */
if (!fp)
goto error;
fputs("---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----\n", fp);