0 votes
by (380 points)
edited by


I use keys for SSH authentication. But already at the stage of loading the key I have a problem. Unsupported encryption algorithm error:

var key = new SshPrivateKey("C:\\path\\to\\id_rsa", "password");

System.Security.Cryptography.CryptographicException: Unsupported private key encryption: 'aes256-gcm@openssh.com'.
System.Security.Cryptography.CryptographicException: Unsupported private key encryption: 'chacha20-poly1305@openssh.com'.

Affected versions: 7.0.8816, 7.0.8720

Keys generated by commands:

ssh-keygen -t rsa -b 4096 -Z "chacha20-poly1305@openssh.com"
ssh-keygen -t rsa -b 4096 -Z "aes256-gcm@openssh.com"

This page has a table with Encryption Ciphers:

In the table, these algorithms are presented as supported.

Please clarify, this table refers to encryption algorithms within a connection, but does this not apply to encryption of the user’s private key?

If so, where can I find an exact list of supported encryption algorithms for a user's private key?

Thank you.

1 Answer

0 votes
by (144k points)

The tables at SSH ciphers indeed refer to ciphers used within the SSH protocol. They have no relevance for private key formats. Supported private key formats are covered by Private keys page, but detailed matrix of encryption algorithms + key derivation algorithms + hash algorithms is not currently listed there.

But basically, we aim to support all encryption algorithms used by the the supported key formats, so lack of support for new OpenSSH format keys encrypted with AES/GCM or ChaCha20/Poly1305 is an omission. Until now, we were not even aware of them - OpenSSH key format is proprietary and insufficiently documented.

We will add support for new OpenSSH format keys encrypted using "chacha20-poly1305@openssh.com" or "aes256-gcm@openssh.com" to one of the next releases - thanks for bringing this to our attention.

by (380 points)
The page describes key formats in detail, but does not cover encryption algorithms for private keys with a password.

How can I figure out what algorithms I can use to create encrypted private keys without getting a loading error later?
by (144k points)
Currently, Rebex libraries support the following encryption algorithms for new OpenSSH key format (= keys that start with "-----BEGIN OPENSSH PRIVATE KEY-----" header):