Opened 4 years ago

Closed 4 years ago

#12130 closed Bug report (fixed)

AES-256-CBC unsupported for password-protected private keys for SFTP

Reported by: sdjevelekov Owned by:
Priority: normal Component: FileZilla Client
Keywords: Cc:
Component version: Operating system type: Linux
Operating system version: 5.5.8-zen1

Description

FileZilla client appears to have a bug in importing password-protected private keys for SFTP when encrypted with AES-256-CBC. I found no mention in docs re: the intentional exclusion of this cipher combination, plus no error message is returned, which suggests that this may be a bug. There are no relevant log entries or terminal output, even in debug mode. This was tested and confirmed on Linux, Mac OS X and Windows 10.

You can test by importing the following key through Settings > SFTP > Add key file...:

Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,e2baef8c24ab9008854a80cae86f33ed

WT4xwn5Y4tgKp6qpFYOwJlzE22uJuw7dwbzmGqogC/nLeAOfl3SuUsWuNM5ORYh/
29YbHN5BqeyiY9ANbz7777/gp5T2PdckdoVbMvFOYlgwq7DbDzrUBEJM3cq1quqe
hHqKkcvOAX+XSnSMI4OTzBaN1Qd1V7QP+aFMeSWfzQdq8SHn9lxWqolTdLeYmEOR
CFouROSf7YdD/HYx9gOmiNAwVtwZ+oSZY9hHPo7pfJ3DLO0oq+hbjYUexYZxQfUB
5x7ceJbbl+MyNr1n4juAf3e99c8BTTzEZBls7osXo/z+Rnn8qhYC8MfCt1RuFc
xxClGlWvs0c2A14+epKwAcZq1aOueNgjKu5G9mQHkv7YmbK3dw60VEKhVh9imUuR
oT2yGTOSH0B9B89T2wqz71xbGw0bPfbU9tRxx7oUeLSAVOant3DnAW+dcp2xQHjx
r4l3NHy1+mtEpG0siqzLyM48YRam/I0y0dvExlvUuVZGCKazDKweOHvROfNRbL8g
BYs8ept2qHj0xItqBLU+h1ikduEa9Pye1xalWW4KkX1D7QfACal3dO8HeM+bbMED
SnSZ1Ujg1kvwPp1QrKzYF3DCTIhygtVmjc9THwUkV2qr9EZJwZAinUf+ijvHKmUw
/wQCXsD0sDd/uZX4tE0hBgWuH2X/AAnD4tqYFY9aFhta9O37LE8X1PXSHcsDrcN/
Wc9AOlEFymJpohYGXDN3UxCy5W92Ht5w5RrnkYLVOLOhH2QtU5+2QaokUgXQINQ8
VKIgM+luBtnIFlv/jEL73ILUnkWqIpZZRKTKXDDndyYnF3w+47Y+YyK6fczPaf2q
lv6LFJoZfK58lNP6XApnwCdwpzXIpE7FljlRlrgFW7y/bJ87lcs2u4uL4KODEBqt
xsY0UGxrNuGfVY8OcNXGTSnakPGP4kKitMknu4WKfKU4NwcJ7v9kEwObt1zcpkM5
HM8BOwgnbXdS4CWZGJ5ximCYrPQ17URitvKktQ+FS1l0R5gvCmNhMmUx373VqOG6
K4I890jzvCdXRuTx0/2hbpJHHOqXD6thiTAKOQUOiRrt83iBKOxt0sOlSApxuCr6
3aYv1EbHAJLTnV1TUzg78Yh6GzUGdsoxD3WFjVIsw7EKb+VuCQbTEcu+kaz17U8G
mBvoCHDRJAos6TMsJOF8IQHZFyAg7XfFTdTOuIc1zz6E7h+8j9foh9tR2Ct5K6s1
XlkP9kFmu2bqNQu6tkEb14f/S1cCBxoXCVs4ne75Oq/VLp1QO+U54QnabiVlv3H1
/89jGi/Sa/gSnyyCqyO2q65XUQ4GYoLWMurIWIqA8QcBQW3OB4GFvD0K0ilNfQQo
Ytt+4xVBsHG+uFb89rnV0gzY94jltUq4CkB33AuzvxBwnGs5pPqrkF7XvhYIyrZR
VxEQ2QMBDrHtjOBmO8/ihUDDP/nQTwVOga7gaj2sO7/acsjeZkp0ZxPcpXzXJzr+
xcVPkELhaJjBd+IEysPETk9HppaiA9NeYVm+0XFIHgKaWIRDtXG0mhkttjlssAYU
2amt78Mtt5RnAf+3mfP4O26d2GgfU/os3eTaD0ldO5DEdu+bukoAOl8QVUq6p9Wa

It does not return any error messages, nor any feedback whatsoever. A key encrypted with AES-128-CBC is imported successfully - it reports that it needs to be converted in PPK format, and then asks for a passphrase:

Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D05FFBBB1E6D76BBF75EFA96C24A3BD9

loGvARZjfLa2d/DQS3rQHAxdIe4g/UytBR3kdtKO65juYhZP6ntNvKBFbIMOJFZY
KPabYyof8zYvQTXEIqAypmAMXU3J6/GISzW3wXe3ZvC/uTaFiTVSXCIRkfk72cOd
6aTAuo5xMXelmbdqwKu0FkrZgAMG7lDumClshTMG47+g7BxHrszr4yo3FkiRs5fN
kFSJ+499wAZV0NOThkkQi28H/+6LzQ+5siNErJXkWTNk+G/f72xRfSkT9k5roQ/L
ycS91sd8Xvrt1ywtvMvx7K1mta1rvHuqOMmGazsS4jVAo8xPn18KztyZLkyckDFE
TpqP8Zji0+n7O+aCJmmWdqWLs4QeiovIlzO6BLXGkGAEf7AsB8qyTbEq9FRGPi7p
fC6Ei+7zIquQy75A4H41NXMMoyMgOg0X1j6Mc9Hq/6tWhxrsAYEGygVE6WVG8YAD
01bTYuXf064v/lXPmtXOdbEFcGFgXtQ2OzRVTRvdF4v8uxlsdc0KmeqzuOD6Ux9r
N+WDF5wAvab8P/S4zruxOnCqPJwKNTTZ/lFbD93BZqHu+kIvQwKna4oFIzT0Au6J
u5+ZqCXSbdMdRO9goiVvGEXfJEGkMZG+GWp+whg/xnMmnUy0h0bLWSB1ERKSUvdA
M9H5yCJungXUU1BPQ5h7OiA2b452S+ayMbmin+G3nuqcBQDoPH9kLakXjQCRRCd7
3I6QR7rsDFpkCGgwnEcKLpNteEb19Ce1PDpyXUhFypH2MHbuYRATP0FF++uvvxjf
NUOvriQ54pw8jYve8L156DsH6x83xyXM1Q3/3rTjmKbi11qa+WpxTEbSe/Q/GXO5
ebhPWGSUKsnukQi+WMmW99nh2/WyTZpLF8Kc09LfVVHDHRiBZUDNzX3hfpRgaffs
yL17jn6UgxVjGOXbQtBIlJs1J2UMg6wC7sClGmNviQNAvzrYxWwS2ewebVK6IB5w
x/jLMEz85GuJkHljpml6FuSvVQQmNM8wC6y6NY90veTy38082Yz558RPvJlYRWJb
VVHq3kjKjmULAfgSBGFtmh+kJ1YVACwEdzdj71DVDGyagsTiAVNEyvAn+gCOhxV/
umood21YxZyqxSD3MtTTwPAvMqf0LDJws7wTl+fuDd2E43LEXlh2ATyMe4+mvtTF
zYYmSJGZeZekdxvyB8B8v0vEEQ7ontfKzloZkibJPq9610R7tQ1HvWmkiNUq9io+
iXUEeTLLL75jbAYpcyzJNIgu+98eeVQkDdkwbYIG4MKNvBv6vafLn0KqnPuo9T71
yRe4Ut0Uxz8kFOD4MLHae62HiL27V6RsntwSnhGDWmA9KgC16SJwqiSzIxjiKnnJ
S3pgBSQ7vxMjr3DsKS6f/ZEPlq/Py3UCwjH0hXgI+NnD2WsS5Hfpf9eXOz/FIztq
axe4JnzGyDZfb42G47Gll114lVVYUd2PEWUlFRT/OrgETsy/QN0QFbp2hQdWzb3u
XxXpu6+yHb/mj+DhnohAN3cLlYxwAeJhTE2RZ2QhJmpFy19EFlmbxsiTxe7Puesu
Wb8dxwcCrgoscxjzlCf9k6zNntCpm6al2uEtuEgjdd3KCbEoeSSwu+QO8NbTeO

Passphrase for both keys is test2020.

Attachments (2)

AES-128-CBC.key (1.7 KB ) - added by sdjevelekov 4 years ago.
AES-256-CBC.key (1.7 KB ) - added by sdjevelekov 4 years ago.

Download all attachments as: .zip

Change History (4)

by sdjevelekov, 4 years ago

Attachment: AES-128-CBC.key added

by sdjevelekov, 4 years ago

Attachment: AES-256-CBC.key added

comment:1 by sdjevelekov, 4 years ago

Added keys as attachments for easier reproduction of the problem.

comment:2 by Tim Kosse, 4 years ago

Resolution: fixed
Status: newclosed

Please try tomorrow's nightly build.

Note: See TracTickets for help on using tickets.