Exception in SSH.NET 2024.2.0 when creating PrivateKeyFile array and passPhrase is an empty string

[jverbosky]

Description
Started getting an exception in v2024.2.0 when attempting to create a PrivateKeyFile array using a keyfile with an empty password - this configuration works fine in v2024.1.0 & below and has been used in production with a vendor's SFTP server for 2+ years.

Exception Message
The encoded length is not valid under the requested encoding rules, the value may be valid under the BER encoding.

StackTrace

   at System.Formats.Asn1.AsnDecoder.ReadLength(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& bytesConsumed)
   at System.Formats.Asn1.AsnDecoder.GetPrimitiveContentSpan(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Asn1Tag expectedTag, UniversalTagNumber tagNumber, Int32& bytesConsumed)
   at System.Formats.Asn1.AsnDecoder.GetIntegerContents(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Asn1Tag expectedTag, UniversalTagNumber tagNumber, Int32& bytesConsumed)
   at System.Formats.Asn1.AsnDecoder.ReadIntegerBytes(ReadOnlySpan`1 source, AsnEncodingRules ruleSet, Int32& bytesConsumed, Nullable`1 expectedTag)
   at System.Formats.Asn1.AsnReader.ReadInteger(Nullable`1 expectedTag)
   at Renci.SshNet.Security.RsaKey..ctor(Byte[] privateKeyData)
   at Renci.SshNet.PrivateKeyFile.Open(Stream privateKey, String passPhrase)
   at Renci.SshNet.PrivateKeyFile..ctor(String fileName, String passPhrase, String certificateFileName)
   at Renci.SshNet.PrivateKeyFile..ctor(String fileName, String passPhrase)
   at webdevHealthCheck_Services.SftpService.GetSftpConnectionInfo(String sftpServerOption) in E:\Reports\webdevHealthCheck\App\services\remote\SftpService.cs:line 73

Screenshot:

To Reproduce
Here's part a basic prototype to confirm the behavior - the call to create the PrivateKeyFile array is where the exception occurs:

static void Main(string[] args)
{
    ConnectionInfo connectionInfo = null;
    List<AuthenticationMethod> authenticationMethods = [];
    string fileName = @"C:\Prototypes\dotnet_sftp_ssh-key\keys\wfgSshAuthKey";
    string passPhrase = "";

    try
    {
        // bug in SSH.NET 2024.2.0 causing this to fail when _sshKeyPassphrase is an empty string
        // - tested 2024.0.0 - fine
        // - tested 2024.1.0 - fine
        // - tested 2024.2.0 - exception
        PrivateKeyFile[] keyFiles = [new(fileName, passPhrase)];
        authenticationMethods.Add(new PrivateKeyAuthenticationMethod(_sftpUsername, keyFiles));

        connectionInfo = new(_sftpServer, _sftpPort, _sftpUsername, authenticationMethods.ToArray());
    }
    catch (Exception ex)
    {
        _logService.LogActivity($"Exception constructing ConnectionInfo object...");
        _logService.LogActivity($"Exception: {ex.Message}");
    }

}

Screenshot - reproduce

Expected behavior
In v2024.1.0 and below, a PrivateKeyFile array can be created using an empty string for the passPhrase value, and subsequently used to create a new ConnectionInfo object which can be used to create a new SftpClient instance.

Thank you for your help and please advise if you need any more details to reproduce.

[Rob-Hague]

Perhaps we should be reading BER @scott-xu ?

diff --git a/src/Renci.SshNet/Security/Cryptography/RsaKey.cs b/src/Renci.SshNet/Security/Cryptography/RsaKey.cs
index e1456ea6..a95b25f1 100644
--- a/src/Renci.SshNet/Security/Cryptography/RsaKey.cs
+++ b/src/Renci.SshNet/Security/Cryptography/RsaKey.cs
@@ -161,7 +161,7 @@ public RsaKey(byte[] privateKeyData)
         {
             ThrowHelper.ThrowIfNull(privateKeyData);

-            var der = new AsnReader(privateKeyData, AsnEncodingRules.DER).ReadSequence();
+            var der = new AsnReader(privateKeyData, AsnEncodingRules.BER).ReadSequence();
             _ = der.ReadInteger(); // skip version

             Modulus = der.ReadInteger();

Is there anywhere that mandates DER rather than just BER for PKCS#1? I don't see anything here:
https://datatracker.ietf.org/doc/html/rfc3447#appendix-A.1.2

P.S. I updated the top post to wrap blocks in triple ticks ` per https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/creating-and-highlighting-code-blocks

[Rob-Hague]

@jverbosky perhaps you can build this repo with that change above and see if it works for you? Changes were made in this area for 2024.2.0

Do you know how your key was generated i.e. which program?

[jverbosky]

@Rob-Hague apologies for my delayed reply, been busy and had to research how to accomplish what you suggested.

---

I used a program called VShell for generating the SSH key:
https://www.vandyke.com/products/vshell/docs/guide/public_keys.html

In case it's any help, here's my notes from when I created this key:

SFTP server doesn't use a passphrase, so just hit Enter when prompted for passphrase:

c:\Program Files\VanDyke Software\VShell>vkeygen -b 2048 -f d:\apps\wfgSshAuthKey -c "WFG Server" -O
Generating 'd:\apps\wfgSshAuthKey' keys...
Enter passphrase:
Confirm passphrase:

...then it spits out the MD5, SHA1 & SHA2 values

FWIW, I'm using other SSH keys (that use passwords) created by this app along with SSH.NET, and am able to connect to the respective SFTP servers fine - issue is just with this 'password-less' SSH key.

---

I was able to build a new DLL from the SSH.NET source code with the 'BER' change and figured out how to include it in my project. But when I run my app and try connecting using the 'password-less' SSH key, I get the following exception:

The type initializer for 'Renci.SshNet.Abstractions.CryptoAbstraction' threw an exception.

The only change I made was to swap to 'BER', so not sure if I might be missing something during the build or if there might be a dependency on DER deeper in SSH.NET - any suggestions?

---

Reference Screenshots

---

Thanks for your help!

John

[jverbosky]

@Rob-Hague well I was re-reading my last post and noticed the 'Message' value in the final screenshot mentioned not being able to load BouncyCastle.Cryptography.

So I tried adding that to the project file and tried running the app, and it connected to the SFTP server and listed some test files just fine now!

So, the fix (for authentication using an SSH key without a password) appears to be the change that you mentioned earlier (DER ~> BER) plus the BouncyCastle.Cryptography package (never had to include that before, FWIW).

Please advise if you need any additional details - otherwise, hoping a new 'option' (DER or BER) can be added to a future SSH.NET release.

Thanks again for your help!

John

[scott-xu]

@jverbosky I can't reproduce the issue. See #1579

[jverbosky]

@scott-xu I spent this morning reviewing my notes and creating & testing new keys (same config as old key), and I'm not seeing the 'encoded length' exception with any of the new keys either. So at this point, I've created a new key pair, verified them with a test SFTP server (connecting fine, no SSH.NET exceptions), and have reached out to our vendor about replacing the key on their server with one of the new ones that I created & tested today.

@Rob-Hague My apologies for the trouble, but at this point I think it's going to be easier to side-step the exception that I reported and simply replace the key, considering all of the new keys that I've created are working fine for instantiating the ConnectionInfo object (as scott-xu advised). I reviewed my notes, emails, etc. again and there's no indication anywhere that I needed to 'tweak' the vkeygen command that I shared, and the 'problem key looks fairly identical to the new keys (with regards to header & length), so I'm not sure it's worth additional time to determine how it's different or why it's triggering the exception.

Thank you both for your time & help - if nothing else, I've learned how to build SSH.NET from source and reference the DLL in my project (never had to do that before)!

John

[Rob-Hague]

No problem. Thanks for the useful feedback and for investigating on your end.