underlyingCoreCryptoError while creating NIOSSHPrivateKey #60

Open
AngeloAvv opened this issue Dec 13, 2020 · 6 comments

@AngeloAvv

Hi,
I'm trying to set up an SSH tunnel in order to forward a remote port to my local device. I followed your PR #55 and I successfully implemented it in a brand new iOS project: I am able to forward a port using password authentication.

What I'm trying to do is perform private key authentication. Due to the lack of documentation, I'm going to ask you a few questions. Here's the code:

//ssh-keygen -t ecdsa -b 521 -m pem

let sshPrivateText = """
-----BEGIN EC PRIVATE KEY-----
row1
row2
row3
row4
row5
-----END EC PRIVATE KEY-----
"""
            
let base64EncodedString:String = Data(sshPrivateText.utf8).base64EncodedString()
let ecdsaPrivateKeyData:Data = Data(base64Encoded: base64EncodedString, options: .ignoreUnknownCharacters)!
let group = MultiThreadedEventLoopGroup(numberOfThreads: 1)
let key: NIOSSHPrivateKey?
do {
    key = NIOSSHPrivateKey(p521Key: try .init(rawRepresentation: ecdsaPrivateKeyData))
} catch let error {
    fatalError(error.localizedDescription)
}

But I can't get past the NIOSSHPrivateKey constructor, since the .init throws an error:

Fatal error: The operation couldn’t be completed. (CryptoKit.CryptoKitError error 0.): file /Users/user/XCode Projects/NioExample/NioExample/ContentView.swift, line 35
2020-12-13 12:57:48.397737+0100 NioExample[2711:69134] Fatal error: The operation couldn’t be completed. (CryptoKit.CryptoKitError error 0.): file /Users/user/XCode Projects/NioExample/NioExample/ContentView.swift, line 35
(lldb) 
▿ CryptoKitError
  ▿ underlyingCoreCryptoError : 1 element
    - error : -1

Also, I have another question. Why is the minimum SDK level iOS 13? Could it be downgraded or something? It's a huge device cut! Will this project be included in cocoapods? I'm asking this because I'm going to integrate this script into a native Flutter plugin and it seems like Flutter projects are not compatible with SwiftPM.

Thank you for this amazing project by the way!

@Lukasa
Collaborator

Lukasa commented Dec 13, 2020

Hi, thanks for your questions!

Firstly, regarding loading an OpenSSH-formatted private key: this is currently a feature we don’t support. This is because the OpenSSH-formatted keys are encrypted using algorithms not available in CryptoKit/Swift Crypto, making it difficult for us to provide cross-platform support for decrypting the key. You can use the NIOSSHPrivateKey constructor with a newly-generated ECDSA key, and then write out the public key from NIOSSHPublicKey instead, or alternatively use tools like OpenSSL to convert the externally generated key into ANSI X9.63 format.

The minimum SDK level is iOS 13 because that is required for CryptoKit support. It is not possible to reduce that level, sadly. We are happy to add cocoapods support for this project, but it’s not a high priority for us personally, so we’ll need a community member to step up and prepare the podfiles.
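
An added example, not code from this issue or from the swift-nio-ssh project: the snippet in the question hands the UTF-8 bytes of the PEM text to `rawRepresentation`, which takes only the 66-byte P-521 private scalar. Assuming the key is an unencrypted SEC1 `EC PRIVATE KEY` PEM, as the `ssh-keygen -t ecdsa -b 521 -m pem` command in the question produces when no passphrase is set, the code below pulls the scalar out of the DER body and rejects passphrase-protected files. `SEC1Error`, `readTLV`, `p521Scalar` and `loadSSHKey` are hypothetical names, and `import Crypto` assumes swift-crypto is available (use `import CryptoKit` in an Apple-only app).

```swift
import Foundation
import Crypto   // swift-crypto (assumed available); on Apple platforms it re-exports CryptoKit
import NIOSSH

enum SEC1Error: Error { case notSEC1PEM, encrypted, malformedDER, wrongScalarLength(Int) }
/// Reads one DER tag-length-value at `offset` and advances `offset` past it.
func readTLV(_ der: [UInt8], _ offset: inout Int) throws -> (tag: UInt8, value: [UInt8]) {
    guard offset + 2 <= der.count else { throw SEC1Error.malformedDER }
    let tag = der[offset]
    var length = Int(der[offset + 1])
    offset += 2
    if length & 0x80 != 0 {                  // long form: low 7 bits count the length bytes
        let count = length & 0x7f
        guard (1...2).contains(count), offset + count <= der.count else { throw SEC1Error.malformedDER }
        length = der[offset..<offset + count].reduce(0) { ($0 << 8) | Int($1) }
        offset += count
    }
    guard offset + length <= der.count else { throw SEC1Error.malformedDER }
    let value = Array(der[offset..<offset + length])
    offset += length
    return (tag, value)
}

/// Returns the raw P-521 private scalar from an unencrypted SEC1 "EC PRIVATE KEY" PEM.
func p521Scalar(fromSEC1PEM pem: String) throws -> Data {
    let lines = pem.split(whereSeparator: \.isNewline)
        .map { $0.trimmingCharacters(in: .whitespaces) }.filter { !$0.isEmpty }
    guard lines.first == "-----BEGIN EC PRIVATE KEY-----",
          lines.last == "-----END EC PRIVATE KEY-----" else { throw SEC1Error.notSEC1PEM }
    let body = lines.dropFirst().dropLast()
    // A passphrase-protected PEM carries "Proc-Type:" / "DEK-Info:" header lines.
    guard !body.contains(where: { $0.contains(":") }) else { throw SEC1Error.encrypted }
    guard let der = Data(base64Encoded: body.joined()) else { throw SEC1Error.malformedDER }
    var offset = 0
    let sequence = try readTLV([UInt8](der), &offset)      // ECPrivateKey ::= SEQUENCE {
    guard sequence.tag == 0x30 else { throw SEC1Error.malformedDER }
    offset = 0
    let version = try readTLV(sequence.value, &offset)     //   version    INTEGER (1),
    let scalar = try readTLV(sequence.value, &offset)      //   privateKey OCTET STRING, ... }
    guard version.tag == 0x02, version.value == [1], scalar.tag == 0x04 else { throw SEC1Error.malformedDER }
    // rawRepresentation is the scalar alone: 66 bytes for P-521, not the PEM text or the DER.
    guard scalar.value.count == 66 else { throw SEC1Error.wrongScalarLength(scalar.value.count) }
    return Data(scalar.value)
}

func loadSSHKey(fromSEC1PEM pem: String) throws -> NIOSSHPrivateKey {
    let key = try P521.Signing.PrivateKey(rawRepresentation: p521Scalar(fromSEC1PEM: pem))
    return NIOSSHPrivateKey(p521Key: key)
}
```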

@Joannis
Collaborator

Joannis commented Dec 14, 2020

@Lukasa my fork does support RSA OpenSSH formatted keys.

@AngeloAvv
Author

AngeloAvv commented Dec 20, 2020

Hi @Joannis, in the next few hours I'm gonna try your repo to see if it fits my needs. I wanna ask @Lukasa if it could be merged in main.

@Lukasa
Collaborator

Lukasa commented Dec 21, 2020

We are unlikely to merge RSA support directly to main. The better approach will be to define an appropriate extension interface that would allow @Joannis’ repo to plug in nicely.

@Joannis
Collaborator

Joannis commented Dec 21, 2020

☝️ the solution mentioned by @Lukasa has been discussed thoroughly for a while now. It is the best and probably only solution.

@Joannis
Collaborator

Joannis commented Dec 21, 2020

@AngeloAvv check out #62 for my draft.
