Read private key from string (not file)

matrixiux

Read private key from string (not file)

We are storing our private SSH key in Azure Key Vault.
We retrieve it as a string, where the string is the whole key.
The WinSCP COM library only allows setting SshPrivateKeyPath in the SessionOptions.

Now we don't want to write the key out to a text file, as that would defeat the purpose of storing the key in Azure Key Vault, for security reasons.

Is there a hidden way to load the key as a string or similar, and not as a physical file?

Azure Key Vault is the client's requirement.


matrixiux

Do you know if that's on the road map, or would be considered? We already have existing services running WinSCP in the code, but this feature made us re-develop for an alternative library.

martin
Site Admin

Re: Read private key from string (not file)

It's not on the road map, as it's not frequently requested, sorry.

bobbabooie

Re: Read private key from string (not file)

@martin: I'd upvote this. It's arguable that it may be more secure to pass the key as a string of text rather than having it persisted to a file. In our case we're using SSIS to call winscp.com and we have secure variables in SSIS. If I have to persist it to a file, then that creates more "surface area" that we have to manage securely (make sure it gets deleted, make sure the file has proper permissions and/or is in a location that's not accessible to those that shouldn't have read access, etc.). I'm not an expert but it might be something to look at... sort of treat it like a password parameter, since that's how things are going these days (key-based auth).

randallg
Donor

Re: Read private key from string (not file)

I just voted for this change. I also donated, so that is 4 more votes for!
In our case we store the file in the .NET assembly as a resource, but I would like to avoid having to write it to disk every time.

```csharp
// Requires: using System; using System.IO; using System.Reflection; using WinSCP;
void open()
{
   // SshPrivateKeyPath takes a path, so the embedded key is written to a temporary .ppk file
   string keyfile = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString() + ".ppk");
   try {
      using (var keystream = Assembly.GetExecutingAssembly().GetManifestResourceStream(StockwatchPpkResource)) {
         Util.SlopFile(keyfile, new StreamReader(keystream));
      }
      session = new Session();
      session.DisableVersionCheck = true;
      SessionOptions sessionOptions = new SessionOptions {
         Protocol = Protocol.Sftp,
         // ... other stuff
         SshPrivateKeyPath = keyfile,
      };
      session.Open(sessionOptions);
   }
   finally {
      // Remove the key file even when Open throws, so it is not left behind in the temp directory
      File.Delete(keyfile);
   }
}
```

martin
Site Admin

Re: Read private key from string (not file)

@randallg: I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.

ashishr10

Re: Read private key from string (not file)

martin wrote:

@randallg: I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.

Hi, is it available now? This feature

randallg
Donor

Re: Read private key from string (not file)

ashishr10 wrote:

martin wrote:

@randallg: I'm sending you an email with a development version of WinSCP to the address you have used to register on this forum.

Hi, is it available now? This feature

Yes, this feature is in the latest release.
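
An added example, not code from any poster in this thread or from the WinSCP project: passing a key fetched from Azure Key Vault straight into the session so it never touches disk. It assumes the feature mentioned above is the `SshPrivateKey` property of `SessionOptions` in current WinSCP .NET assembly releases; the vault URI, secret name, host, user and fingerprint are placeholders.

```csharp
using System;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;
using WinSCP;

static class SftpWithVaultKey
{
    // Placeholders (assumptions for this example): replace with your own values.
    const string VaultUri = "https://example-vault.vault.azure.net/";
    const string SecretName = "sftp-private-key";

    // Fetch the whole private key file content as a string from Key Vault.
    static string FetchPrivateKey()
    {
        var client = new SecretClient(new Uri(VaultUri), new DefaultAzureCredential());
        KeyVaultSecret secret = client.GetSecret(SecretName);
        if (string.IsNullOrWhiteSpace(secret.Value))
            throw new InvalidOperationException("Key Vault secret is empty.");
        return secret.Value;
    }

    static void Main()
    {
        var sessionOptions = new SessionOptions
        {
            Protocol = Protocol.Sftp,
            HostName = "sftp.example.com",                      // placeholder
            UserName = "svc-transfer",                          // placeholder
            SshHostKeyFingerprint = "<host-key-fingerprint>",   // placeholder
            // Assumed property: key content held in memory instead of SshPrivateKeyPath,
            // so there is no temporary file to protect with ACLs or to delete afterwards.
            SshPrivateKey = FetchPrivateKey(),
        };

        using (var session = new Session())
        {
            session.Open(sessionOptions);
            foreach (RemoteFileInfo file in session.ListDirectory("/").Files)
                Console.WriteLine(file.Name);
        }
    }
}
```

The key still lives in process memory as a managed string, so access to the process and to any crash dumps it produces remains part of what has to be controlled.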
