PuTTY bug openssh-ed25519-corrupt-private-key

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Pre-release · Snapshot | Docs | Privacy | Changes | Wishlist

summary: PuTTYgen mis-writes OpenSSH private key format for some Ed25519 keys
class: bug: This is clearly an actual problem we want fixed.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.73 0.74
fixed-in: 4e6c69d5df8304d291eeccc7d23d1f6891811dd1 (0.75)

About 1/256 of all Ed25519 private keys cannot be converted to the OpenSSH private key format by PuTTYgen 0.73. The operation will appear to succeed, but will write out a file that OpenSSH cannot read, and neither can PuTTYgen itself.

The affected keys are those in which the most significant byte of the 32-bit private key integer is zero. In that situation PuTTYgen would accidentally omit the leading zero byte in the OpenSSH key file, writing 31 (or even fewer) bytes of private data.

This was fixed after 0.73, as a side effect of ed448. (The fix did not go into version 0.74, which was released off a branch.) Current development snapshots of PuTTYgen do not exhibit the bug, and can write correct OpenSSH private key files even when the private key has a leading zero byte.


If you want to comment on this web site, see the Feedback page.
Audit trail for this bug.
(last revision of this bug record was at 2021-04-17 14:55:56 +0100)