From 91a51d10f92bd20753ba42917d7ca5c5f494c9f5 Mon Sep 17 00:00:00 2001
From: Joseph Montanaro
Date: Sun, 10 Nov 2024 16:00:09 -0500
Subject: [PATCH] fix typo in ssh keys post

---
 src/routes/_posts/ssh-key-formats.svx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/routes/_posts/ssh-key-formats.svx b/src/routes/_posts/ssh-key-formats.svx
index a4becec..d50ee45 100644
--- a/src/routes/_posts/ssh-key-formats.svx
+++ b/src/routes/_posts/ssh-key-formats.svx
@@ -7,7 +7,7 @@ date: 2024-07-06 import Sidenote from '$lib/Sidenote.svelte'; -Like a lot of people, my main experience with private keys has come from using them for SSH. I'm familiar with the theory, of course - I know generally what asymmetric encryption does,Although exactly _how_ it does so is still a complete mystery to me. I've looked up descriptions of RSA several times,Testing nested notes again. and even tried to work my way through a toy example, but it's never helped. And I couldn't even _begin_ to explain elliptic curve cryptography beyond "black math magic". and I know that it means a compromised server can't reveal your private key, which is nice although if you only ever use a given private key to SSH into your server and the server is already compromised, is that really so helpful?Yes, yes, I know that it means you can use the same private key for _multiple_ things without having to worry, but in practice a lot of people seem to use separate private keys for separate things, and even though I'm not entirely sure why I feel uncomfortable doing otherwise. +Like a lot of people, my main experience with private keys has come from using them for SSH. I'm familiar with the theory, of course - I know generally what asymmetric encryption does,Although exactly _how_ it does so is still a complete mystery to me. I've looked up descriptions of RSA several times, and even tried to work my way through a toy example, but it's never helped. And I couldn't even _begin_ to explain elliptic curve cryptography beyond "black math magic". 
and I know that it means a compromised server can't reveal your private key, which is nice although if you only ever use a given private key to SSH into your server and the server is already compromised, is that really so helpful?Yes, yes, I know that it means you can use the same private key for _multiple_ things without having to worry, but in practice a lot of people seem to use separate private keys for separate things, and even though I'm not entirely sure why I feel uncomfortable doing otherwise. What I was less aware of, however, was the various ways in which private keys can be _stored_, which rather suddenly became a more-than-purely-academic concern to me this past week. I had an old private key lying around which had originally been generated by AWS, and used a rather old format,The oldest, I believe, that's in widespread use still. and I needed it to be comprehensible by newer software which loftily refused to have anything to do with such outdated ways of expressing itself.Who would write such obdurately high-handed software, you ask? Well, uh. Me, as it turns out. In my defense, though, I doubt it would have taken _less_ time to switch to a different SSH-key library than to figure out the particular magic incantation needed to get `ssh-keygen` to do it. No problem, thought I, I'll just use `ssh-keygen` to convert the old format to a newer format! Unfortunately this was frustratinglyAnd needlessly, it seems to me? difficult to figure out, so I'm writing it up here for posterity and so that I never have to look it up again.You know how it works. Once you've taken the time to really describe process in detail, you have it locked in and never have to refer back to your notes.
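Review bot: The subject says "fix typo", but the edit in the first paragraph removes the leftover sidenote text "Testing nested notes again." after "several times," rather than correcting a misspelling; a subject such as "remove leftover test sidenote from ssh keys post" would describe the change accurately. The unchanged closing sentence still reads "really describe process in detail", which is missing "the" and could be corrected in the same commit.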