CircleCI does not support PKCS#8 ssh keys

noirbizarre · October 11, 2018, 6:26pm

Right now, CircleCI only support PKCS#1 ssh keys (BEGIN RSA PRIVATE KEY) which is deprecated.
Latest ssh-keygen versions don’t allow anymore to generate them and use PKCS#8 as default (BEGIN OPENSSH PRIVATE KEY). Sadly, CircleCI consider them as invalid.

Is it possible to allow PKCS#8 keys which is now the default ssh private keys format and which by the way also allows to use more secure ECDSA keys (or any other supported encryption as the encryption protocol is noincluded into the key)

NB: See https://stackoverflow.com/questions/20065304/differences-between-begin-rsa-private-key-and-begin-private-key or https://crypto.stackexchange.com/questions/35093/why-ssh-gen-makes-difference-between-pem-and-pkcs8 for details about their differences and why PKCS#1 is deprecated.

halfer · October 12, 2018, 5:14pm

I’d suggest adding this to the ideas list.

system · January 10, 2019, 5:14pm

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Adding a new SSH Key fails Deployments	10	8702	October 16, 2018
CircleCI User Key uses RSA with SHA1, which GitHub has deprecated Feedback & Bug Reports suggested	5	2265	January 11, 2022
ERROR: You're using an RSA key with SHA-1, which is no longer allowed Build Environment	3	2037	January 11, 2022
Error when adding SSH Permissions keys on macOS Mojave Feedback & Bug Reports	0	2402	January 29, 2019
Projects > SSH Permissions > Add SSH key not working Feedback & Bug Reports ssh , deployment	2	3065	June 18, 2018

CircleCI does not support PKCS#8 ssh keys

Related Topics