We support encrypted OpenSSH keys (defined at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key) for which we have a bcrypt implementation (from somewhere) for the key derivation (kdf).
Now that we depend on BouncyCastle and have replaced a lot of internal crypto with a BouncyCastle implementation, we may also be able to use https://github.com/bcgit/bc-csharp/blob/master/crypto/src/crypto/generators/BCrypt.cs
As far as I can tell, the OpenSSH kdf does a little bit on top of straight bcrypt, probably encapsulated here:
|
public void Pbkdf(byte[] password, byte[] salt, int rounds, byte[] output) |
It may be possible to replace all or some of our Bcrypt.cs with BouncyCastle
We support encrypted OpenSSH keys (defined at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key) for which we have a bcrypt implementation (from somewhere) for the key derivation (kdf).
Now that we depend on BouncyCastle and have replaced a lot of internal crypto with a BouncyCastle implementation, we may also be able to use https://github.com/bcgit/bc-csharp/blob/master/crypto/src/crypto/generators/BCrypt.cs
As far as I can tell, the OpenSSH kdf does a little bit on top of straight bcrypt, probably encapsulated here:
SSH.NET/src/Renci.SshNet/Security/Cryptography/Bcrypt.cs
Line 853 in fe827a5
It may be possible to replace all or some of our Bcrypt.cs with BouncyCastle