Fix support for AES-256/GCM openssh keys (#8968)

* Fix detecting AES-256/GCM cipher, fixes #8964 When you generate a ssh key using the aes-256/gcm cipher, the cipher name in the keyfile includes an @openssh.com at the end. * Use separate iv length for getting iv data, the assumption that the block size and iv size are equal does not hold for every cipher mode (e.g., GCM) * Disable AES-256/GCM for now in ssh keys Currently, the granularity for the botan gcm implementation is too large. To fix a problem with another algorithm in the library, they are multiplying the blocksize, so by default the granularity is 64. This causes issues since the encrypted data in the key is only guaranteed to have a length that is a multiple of the block size (16).
2025-04-03 20:47:37 +03:00 · 2023-01-29 10:57:09 -05:00 · 2023-01-29 10:57:09 -05:00 · e221f89e68
commit e221f89e68
parent 03ad6c52c0
5 changed files with 38 additions and 5 deletions
--- a/share/translations/keepassxc_en.ts
+++ b/share/translations/keepassxc_en.ts
@ -5764,6 +5764,10 @@ We recommend you use the AppImage available on our downloads page.</source>
        <source>Unexpected EOF when writing private key</source>
        <translation type="unfinished"></translation>
    </message>
+    <message>
+        <source>AES-256/GCM is currently not supported</source>
+        <translation type="unfinished"></translation>
+    </message>
 </context>
 <context>
    <name>PasswordEditWidget</name>