Forum Discussion

Super Contributor

4 years ago

[I-13] Exported private keys are not protected by a passphrase?

Until today all my SSH private keys had to be present as local files, but they were protected by a passphrase. I imported all those keys into 1Password. When I exported one (to test how that works) t...

SSH

Lachy

Occasional Contributor

4 years ago

The option to download a private key should at least offer some encryption options. Options provided by ssh-keygen include:

-a rounds (number of bcrypt_pbkdf rounds)
-m key_format (RFC4716, PKCS8 or PEM)
-Z cipher (aes256-ctr, aes256-cbc, etc.)
-p to prompt for a passphrase.

1Password should at least offer some of these options, perhaps with sensible defaults. It shouldn't be left up to the user to have to manually look up the man page for ssh-keygen to encrypt it themselves.

However, it might be reasonable if, when importing a key, it did include the original file as an attachment. But you could also do that manually if you wanted.

Forum Discussion

[I-13] Exported private keys are not protected by a passphrase?

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

SSH Bookmarks - broken on macOS

Unofficial 1Password SDK for Rust

🔊 Securing Cursor agentic development with 1Password Environments

ssh agent and ansible 12 prompting incessantly

1Password Chrome extension is incorrectly manipulating <code> blocks