Re: OpenSSH / SecSH / OpenSSL RSA public keys
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: OpenSSH / SecSH / OpenSSL RSA public keys
- From: Thorsten Glaser <tg_(_at_)_66h_(_dot_)_42h_(_dot_)_de>
- Date: Sat, 18 Sep 2004 12:29:10 +0000
Dixitur me scribere...
>Hello people (mostly OpenSSH developers),
>
>for SSHv2 RSA private keys, a public key can be generated
>in OpenSSH or SecSH format using ssh-keygen, and in OpenSSL
>format (suitable for use with openssl rsautl) with openssl rsa.
>
>My question: is there a known tool which can convert
>between the secsh/openssh and openssl format without
>knowing the public key?
I've got updated information: this is a sample key.
$ openssl asn1parse -i -dump -in foo.ssl; hd foo.x
0:d=0 hl=3 l= 157 cons: SEQUENCE
3:d=1 hl=2 l= 13 cons: SEQUENCE
5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
16:d=2 hl=2 l= 0 prim: NULL
18:d=1 hl=3 l= 139 prim: BIT STRING
0000 - 00 30 81 87 02 81 81 00-a6 fa 73 78 aa 4a 91 e5 .0........sx.J..
0010 - 51 d6 60 ff bb c5 2a 32-1f 7a ae f1 0c bb 2c 01 Q....*2.z....,.
0020 - 07 96 8e 1b 1c 59 b2 1b-5b 0b f8 a7 54 af cc 43 .....Y..[...T..C
0030 - e2 57 d9 1b ee bc ca d9-06 63 60 60 26 19 4c cb .W.......c`&.L.
0040 - 58 10 1b 8e 70 4d e9 9c-1e 93 fc 9d fe 07 01 a0 X...pM..........
0050 - 34 1e 76 97 34 ee f1 49-bd 62 92 47 3c 48 d9 42 4.v.4..I.b.G<H.B
0060 - b0 26 8d a3 73 4f a9 93-d4 0f e1 18 6c d0 f1 8c .&..sO......l...
0070 - 44 64 3f 0d b9 f8 27 05-04 9d 88 ef 2d 0e b4 da Dd?...'.....-...
0080 - d7 1b 27 b1 9b cf 6b 63-02 01 23 ..'...kc..#
00000000 00 00 00 07 73 73 68 2D - 72 73 61 00 00 00 01 23 |....ssh-rsa....#|
00000010 00 00 00 81 00 A6 FA 73 - 78 AA 4A 91 E5 51 D6 60 |.....¦úsxªJ.åQÖ|
00000020 FF BB C5 2A 32 1F 7A AE - F1 0C BB 2C 01 07 96 8E |ÿ»Å*2.z®ñ.»,....|
00000030 1B 1C 59 B2 1B 5B 0B F8 - A7 54 AF CC 43 E2 57 D9 |..Y².[.ø§T¯ÌCâWÙ|
00000040 1B EE BC CA D9 06 63 60 - 60 26 19 4C CB 58 10 1B |.î¼ÊÙ.c`&.LËX..|
00000050 8E 70 4D E9 9C 1E 93 FC - 9D FE 07 01 A0 34 1E 76 |.pMé...ü.þ.. 4.v|
00000060 97 34 EE F1 49 BD 62 92 - 47 3C 48 D9 42 B0 26 8D |.4îñI½b.G<HÙB°&.|
00000070 A3 73 4F A9 93 D4 0F E1 - 18 6C D0 F1 8C 44 64 3F |£sO©.Ô.á.lÐñ.Dd?|
00000080 0D B9 F8 27 05 04 9D 88 - EF 2D 0E B4 DA D7 1B 27 |.¹ø'....ï-.´Ú×.'|
00000090 B1 9B CF 6B 63 - |±.Ïkc|
"foo.ssl" is the output of
$ openssl rsa -in foo -out foo.ssl -pubout
"foo.x" is the base64-decoded OpenSSH-format public key (without the
ssh-rsa at the beginning and the user_(_at_)_host at the end).
Another piece of information:
$ openssl asn1parse -i -dump -in foo.ssl -strparse 18
0:d=0 hl=3 l= 135 cons: SEQUENCE
3:d=1 hl=3 l= 129 prim: INTEGER :A6FA7378AA4A91E551D660FFBBC52A321F7AAEF10CBB2C0107968E1B1C59B21B5B0BF8A754AFCC43E257D91BEEBCCAD90663606026194CCB58101B8E704DE99C1E93FC9DFE0701A0341E769734EEF149BD6292473C48D942B0268DA3734FA993D40FE1186CD0F18C44643F0DB9F82705049D88EF2D0EB4DAD71B27B19BCF6B63
135:d=1 hl=2 l= 1 prim: INTEGER :23
Obviously, the "integer 23" appears in the SSH format too, just more at
the beginning, and the remainder seems to be just a simple integer.
OTOH I'm not experienced enough to know all the frame format and stuffing
which is needed for the two formats, so if there is a way to convert between
them, I'd be grateful.
PuttyGen seems to use the IETF format, which is not the OpenSSL format.
bye,
//Thorsten
PS: The "hd" is defined in my .profile as follows, for those who
are interested:
[ -x /usr/bin/hd ] || eval alias hd=\''hexdump -e '\''\'\'''\''"%08.8_aX' \
' " 8/1 "%02X " " - " 8/1 "%02X "'\''\'\'''\'' -e '\''\'\'''\'\" \
' |" "%_p"'\''\'\'''\'' -e '\''\'\'''\''"|\n"'\''\'\'''\'' '\'
--
Currently blocking eMail from the following domains: bigpond.com, biz, gmx.de,
gmx.net, hotmail.com, info, jumpy.it, libero.it, name, netscape.net,
postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk,
tiscali.cz, tiscali.de, tiscali.it, voila.fr, yahoo.co.uk, yahoo.com.
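
The conversion asked about in this message, as an added example that is not part of the original post: the OpenSSH blob is three length-prefixed fields ("ssh-rsa", exponent, modulus), and the OpenSSL file is a DER SubjectPublicKeyInfo wrapping the same two integers. The function names are hypothetical; the modulus and exponent are the sample key's values copied from the asn1parse output above.

```python
import base64

# AlgorithmIdentifier: SEQUENCE { OID rsaEncryption (1.2.840.113549.1.1.1), NULL }
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# Sample key from the post: modulus and exponent as printed by asn1parse -strparse 18
N = int("A6FA7378AA4A91E551D660FFBBC52A321F7AAEF10CBB2C0107968E1B1C59B21B"
        "5B0BF8A754AFCC43E257D91BEEBCCAD90663606026194CCB58101B8E704DE99C"
        "1E93FC9DFE0701A0341E769734EEF149BD6292473C48D942B0268DA3734FA993"
        "D40FE1186CD0F18C44643F0DB9F82705049D88EF2D0EB4DAD71B27B19BCF6B63", 16)
E = 0x23

def int_bytes(v):
    # Minimal big-endian bytes, with a leading 00 when the top bit is set (mpint and DER)
    return v.to_bytes(v.bit_length() // 8 + 1, "big")

def der_tlv(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def read_ssh_fields(blob):
    fields, pos = [], 0
    while pos < len(blob):
        end = pos + 4 + int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 > len(blob) or end > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos + 4:end])
        pos = end
    return fields

def ssh_blob_to_spki(blob):
    fields = read_ssh_fields(blob)
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key blob")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])
    rsa_key = der_tlv(0x30, der_tlv(0x02, int_bytes(n)) + der_tlv(0x02, int_bytes(e)))
    # BIT STRING: one "unused bits" byte (00), then the RSAPublicKey SEQUENCE
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + rsa_key))

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

def sample_ssh_blob():
    # Rebuilds the bytes of "foo.x" from the post's values: 4-byte length + data per field
    parts = (b"ssh-rsa", int_bytes(E), int_bytes(N))
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)
```

For a real key, pass the base64-decoded middle field of the `.pub` line to `ssh_blob_to_spki()` and write the `to_pem()` result to a file.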