
Re: OpenSSH / SecSH / OpenSSL RSA public keys



Dixitur me scribere...

>Hello people (mostly OpenSSH developers),
>
>for SSHv2 RSA private keys, a public key can be generated
>in OpenSSH or SecSH format using ssh-keygen, and in OpenSSL
>format (suitable for use with openssl rsautl) with openssl rsa.
>
>My question: is there a known tool which can convert
>between the secsh/openssh and openssl format without
>knowing the public key?

I've got updated information: this is a sample key.

$ openssl asn1parse -i -dump -in foo.ssl; hd foo.x
    0:d=0  hl=3 l= 157 cons: SEQUENCE
    3:d=1  hl=2 l=  13 cons:  SEQUENCE
    5:d=2  hl=2 l=   9 prim:   OBJECT            :rsaEncryption
   16:d=2  hl=2 l=   0 prim:   NULL
   18:d=1  hl=3 l= 139 prim:  BIT STRING
      0000 - 00 30 81 87 02 81 81 00-a6 fa 73 78 aa 4a 91 e5   .0........sx.J..
      0010 - 51 d6 60 ff bb c5 2a 32-1f 7a ae f1 0c bb 2c 01   Q....*2.z....,.
      0020 - 07 96 8e 1b 1c 59 b2 1b-5b 0b f8 a7 54 af cc 43   .....Y..[...T..C
      0030 - e2 57 d9 1b ee bc ca d9-06 63 60 60 26 19 4c cb   .W.......c`&.L.
      0040 - 58 10 1b 8e 70 4d e9 9c-1e 93 fc 9d fe 07 01 a0   X...pM..........
      0050 - 34 1e 76 97 34 ee f1 49-bd 62 92 47 3c 48 d9 42   4.v.4..I.b.G<H.B
      0060 - b0 26 8d a3 73 4f a9 93-d4 0f e1 18 6c d0 f1 8c   .&..sO......l...
      0070 - 44 64 3f 0d b9 f8 27 05-04 9d 88 ef 2d 0e b4 da   Dd?...'.....-...
      0080 - d7 1b 27 b1 9b cf 6b 63-02 01 23                  ..'...kc..#
00000000  00 00 00 07 73 73 68 2D - 72 73 61 00 00 00 01 23  |....ssh-rsa....#|
00000010  00 00 00 81 00 A6 FA 73 - 78 AA 4A 91 E5 51 D6 60  |.....¦úsxªJ.åQÖ|
00000020  FF BB C5 2A 32 1F 7A AE - F1 0C BB 2C 01 07 96 8E  |ÿ»Å*2.z®ñ.»,....|
00000030  1B 1C 59 B2 1B 5B 0B F8 - A7 54 AF CC 43 E2 57 D9  |..Y².[.ø§T¯ÌCâWÙ|
00000040  1B EE BC CA D9 06 63 60 - 60 26 19 4C CB 58 10 1B  |.î¼ÊÙ.c`&.LËX..|
00000050  8E 70 4D E9 9C 1E 93 FC - 9D FE 07 01 A0 34 1E 76  |.pMé...ü.þ.. 4.v|
00000060  97 34 EE F1 49 BD 62 92 - 47 3C 48 D9 42 B0 26 8D  |.4îñI½b.G<HÙB°&.|
00000070  A3 73 4F A9 93 D4 0F E1 - 18 6C D0 F1 8C 44 64 3F  |£sO©.Ô.á.lÐñ.Dd?|
00000080  0D B9 F8 27 05 04 9D 88 - EF 2D 0E B4 DA D7 1B 27  |.¹ø'....ï-.´Ú×.'|
00000090  B1 9B CF 6B 63          -                          |±.Ïkc|

"foo.ssl" is the output of
$ openssl rsa -in foo -out foo.ssl -pubout

"foo.x" is the base64-decoded OpenSSH-format public key (without the
ssh-rsa at the beginning and the user@host at the end).

More information:
$ openssl asn1parse -i -dump -in foo.ssl -strparse 18
    0:d=0  hl=3 l= 135 cons: SEQUENCE
    3:d=1  hl=3 l= 129 prim:  INTEGER           :A6FA7378AA4A91E551D660FFBBC52A321F7AAEF10CBB2C0107968E1B1C59B21B5B0BF8A754AFCC43E257D91BEEBCCAD90663606026194CCB58101B8E704DE99C1E93FC9DFE0701A0341E769734EEF149BD6292473C48D942B0268DA3734FA993D40FE1186CD0F18C44643F0DB9F82705049D88EF2D0EB4DAD71B27B19BCF6B63
  135:d=1  hl=2 l=   1 prim:  INTEGER           :23

Obviously, the "integer 23" appears in the SSH format too, just more at
the beginning, and the remainder seems to be just a simple integer.

OTOH I'm not experienced enough to know all the frame format and stuffing
which is needed for the two formats, so if there is a way to convert between
them, I'd be grateful.

PuttyGen seems to use the IETF format, which is not the OpenSSL format.

bye,
//Thorsten

PS: The "hd" is defined in my .profile as follows, for those who
    are interested:

[ -x /usr/bin/hd ] || eval alias hd=\''hexdump -e '\''\'\'''\''"%08.8_aX' \
	'  " 8/1 "%02X " " - " 8/1 "%02X "'\''\'\'''\'' -e '\''\'\'''\'\" \
	'  |" "%_p"'\''\'\'''\'' -e '\''\'\'''\''"|\n"'\''\'\'''\'' '\'

-- 
Currently blocking eMail from the following domains: bigpond.com, biz, gmx.de,
gmx.net, hotmail.com, info, jumpy.it, libero.it, name, netscape.net,
postino.it, simplesnet.pt, spymac.com, tatanova.com, tiscali.co.uk,
tiscali.cz, tiscali.de, tiscali.it, voila.fr, yahoo.co.uk, yahoo.com.
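
Added example (not part of the original message, and not OpenSSH or OpenSSL code): the two dumps above carry the same two integers, so converting is a matter of re-framing them. This Python code reads the SSH blob (string "ssh-rsa", mpint e, mpint n) and emits the DER SubjectPublicKeyInfo layout that asn1parse shows; the function names and the sample modulus are constructed for illustration.

```python
import struct

# AlgorithmIdentifier { OID rsaEncryption, NULL }, as in the asn1parse output.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_tlv(tag, body):
    """One DER tag-length-value; lengths >= 128 take the long form (81 xx)."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def int_bytes(v):
    """Big-endian, leading 0x00 if the top bit is set (DER INTEGER, SSH mpint)."""
    return v.to_bytes(v.bit_length() // 8 + 1, "big")

def read_ssh_fields(blob):
    """Split an SSH wire blob into its uint32-length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + n])
        off += n
    return fields

def ssh_rsa_blob(n, e):
    """string "ssh-rsa", mpint e, mpint n: the exponent comes first."""
    parts = (b"ssh-rsa", int_bytes(e), int_bytes(n))
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)

def ssh_blob_to_spki_der(blob):
    """Re-wrap an ssh-rsa blob as DER SubjectPublicKeyInfo (modulus first)."""
    fields = read_ssh_fields(blob)
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key blob")
    e, n = (int.from_bytes(f, "big") for f in fields[1:])
    key = der_tlv(0x30, der_tlv(0x02, int_bytes(n)) + der_tlv(0x02, int_bytes(e)))
    return der_tlv(0x30, RSA_ALG_ID + der_tlv(0x03, b"\x00" + key))

# Constructed 1024-bit sample (not a real RSA modulus); exponent 0x23 as above.
SAMPLE_BLOB = ssh_rsa_blob(int.from_bytes(b"\xa6" + bytes(range(127)), "big"), 0x23)

if __name__ == "__main__":
    print(ssh_blob_to_spki_der(SAMPLE_BLOB).hex())
```

The DER output can be checked with openssl asn1parse -inform DER, which should show the same SEQUENCE / BIT STRING nesting and lengths (157, 139, 135) as the foo.ssl dump.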