Read private key from string (not file) :: Support Forum

matrixiux
Joined:: 2020-09-10
Posts:: 3

Read private key from string (not file)

2020-09-10 13:38

We are storing our Private SSH Key in Azure Key Vault.
We retrieve it as a string, where string the whole key.
WinSCP COM library only allows adding SshPrivateKeyPath in the SessionOptions.

Now we don't want to write out the key in a text file, as that would beat the purpose of storing the key in to Azure Key Vault, for security reasons.

Is there a hidden way to load the key as a string or similar, and not a a physical file?

Azure Key Vault is client's requirement.

Reply with quote

martin◆ Site Admin
Joined:: 2002-12-10
Posts:: 37,239
Location:: Prague, Czechia

Re: Read private key from string (not file)

2020-09-11

Sorry, it's not possible, atm.

Reply with quote

matrixiux

2020-09-14 13:16

Do you know if that's on the road map, or would be considered? We already have existing services running WinSCP in the code, but this feature made us re-develop for an alternative library.

Reply with quote

martin◆ Site Admin

Re: Read private key from string (not file)

2020-09-15

It's not on the road map, as it's not frequently requested, sorry.

Reply with quote

bobbabooie
Joined:: 2021-11-17
Posts:: 1
Location:: North Pole

Re: Read private key from string (not file)

2021-11-17 20:34

@martin: I'd upvote this. It's arguable that it may be more secure to pass the key as a string of text rather than having it persisted to a file. In our case we're using SSIS to call winscp.com and we have secure variables in SSIS. If I have to persist it to a file, then that creates more "surface area" that we have to manage securely (make sure it gets deleted, make sure the file as proper permissions and/or in a location that's not accessible to those that shouldn't have read access, etc). I'm not an expert but it might be something to look at.. sort of treat it like a password parameter, since that's how things are going these days (key-based auth).

Reply with quote

matrixiux

2021-11-17 21:15

+1 I was very surprised that WinSCP is not considering this feature...

Reply with quote

martin◆ Site Admin

Re: Read private key from string (not file)

2021-11-19

I have added this request to the tracker:
Bug 2044 – Provide private key as string in .NET assembly
You can vote for it there.

Reply with quote

randallg Donor
Joined:: 2020-10-05
Posts:: 1

Re: Read private key from string (not file)

2021-12-28 21:57

I just voted for this change. I also donated so that is 4 more votes for!
In our case we store the file in the .NET assembly as a resource, but I would like to avoid having to write it to disk every time.

void open()
{
   string keyfile = Path.GetTempPath() + Guid.NewGuid().ToString() + ".ppk";
   using (var keystream = Assembly.GetExecutingAssembly().GetManifestResourceStream(StockwatchPpkResource)) {
      Util.SlopFile(keyfile, new StreamReader(keystream));
   }
   session = new Session();
   session.DisableVersionCheck = true;
   SessionOptions sessionOptions = new SessionOptions {
      Protocol = Protocol.Sftp,
      ... other stuff
      SshPrivateKeyPath = keyfile,
   };
   session.Open(sessionOptions);
   File.Delete(keyfile);
}