From 7c014017708662edf612cbc6e153a6246453ba69 Mon Sep 17 00:00:00 2001
From: Andre Noll
Date: Sat, 29 Apr 2023 23:23:32 +0200
Subject: [PATCH] crypt: Deprecate PEM keys.

Users have been advised since 2018 to create RFC4716 keys (see commit 9e2b093bed5d), and this has been the default key format for ssh-keygen(1) for a long time as well. Upgrade the severity of the existing log message from info to warning to encourage users at runtime to replace their old keys.
---
 NEWS.md | 11 +++++++++++
 crypt_common.c | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/NEWS.md b/NEWS.md
index 598db71f..e122c43f 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,6 +1,17 @@
 NEWS
 ====
 
+----------------------------------------------
+0.7.3 (to be announced) "weighted correctness"
+----------------------------------------------
+
+- Old style PEM keys are now deprecated. They still work but their
+ use results in a run-time warning. The removal of PEM key support is
+ scheduled for paraslash-0.8.0.
+
+Downloads:
+[tarball](./releases/paraslash-git.tar.xz)
+
 -------------------------------------
 0.7.2 (2023-03-08) "optical friction"
 -------------------------------------
diff --git a/crypt_common.c b/crypt_common.c
index d7471235..286ebe38 100644
--- a/crypt_common.c
+++ b/crypt_common.c
@@ -295,7 +295,7 @@ int decode_private_key(const char *key_file, unsigned char **result,
 key_type = PKT_PEM;
 begin = map + strlen(PRIVATE_PEM_KEY_HEADER);
 footer = strstr(map, PRIVATE_PEM_KEY_FOOTER);
- PARA_INFO_LOG("detected legacy PEM key %s\n", key_file);
+ PARA_WARNING_LOG("detected legacy PEM key %s\n", key_file);
 } else if (strncmp(map, PRIVATE_OPENSSH_KEY_HEADER,
 strlen(PRIVATE_OPENSSH_KEY_HEADER)) == 0) {
 key_type = PKT_OPENSSH;
-- 
2.39.2
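Review bot: The text passed to the changed `PARA_WARNING_LOG` call in crypt_common.c still reads only "detected legacy PEM key", so an operator who sees the new warning learns neither that the format is deprecated nor what to do about it. The commit's stated goal is to get users to replace old keys before the removal that NEWS.md schedules for 0.8.0, so the message should be actionable, for example `PARA_WARNING_LOG("%s: PEM keys are deprecated, support is scheduled for removal in 0.8.0, please switch to an RFC4716 key\n", key_file);`. A one-line comment on the branch, such as `/* deprecated key format, removal scheduled for 0.8.0 */`, would also mark the PKT_PEM path for whoever removes it later. decode_private_key starts and ends outside this hunk, so how often this path runs per process cannot be judged from here.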