Re: pubkey format

Sat, 20 Dec 2008 08:27:44 -0800 

Hi,
You can also use the well-known PuTTYgen that can import pem encoded keys and export the public key in OpenSSH authorized_keys file format. Concerning the ssh-rsa format itself, it's rather simple. Each line is as follows : 

       ssh-rsa XXXXXXXXXXXXXXXXXXXXXX rsa-key-description


where the XXX filed is the base-64 encoding of the following content : 
(all non explicit values are in big-endian)


4 bytes : 00 00 00 07 (for public key type)
7 bytes : 73 73 68 2D 72 73 61 (ssh-rsa in ascii)
4 bytes : length of the public exponent encoding

E bytes : public exponent value (i.e if 0x010001, then E=3 and encoding 
is 01 00 01)
4 bytes : length of the unsigned modulus encoding. If the MSB of modulus 
is set, then the length must count an extra 00 that will be added to the 
content.
N bytes: modulus value. If its MSB is set, then an extra 00 must precede 
its real value.



For example, if the public exponent is 0x25 and the modulus is 
0xFEDCBA91, we will have :


00 00 00 07 73 73 68 2D 72 73 61 00 00 00 01 25 00 00 00 05 00 FE DC BA 91

and in base-64 encoding :

AAAAB3NzaC1yc2EAAAABJQAAAAUA/ty6kQ==

So, the OpenSSH public key will be :
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAAUA/ty6kQ== sample-openssh-key

I hope this will help,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr


Shahin Khorasani wrote:

Hi,


You can download simple utility to transform PKCS#1 RSA public key to 
opnessh public key format from here: 
http://www.parssign.com/openssh_pk_linux.tar.gz



It is free to use and linked statically on Linux (must works on most 
distributions)


Regards,
Shahin Khorasani

Dhiva wrote:

openssl x509 -in sample.pem -pubkey -noout

What is the format of the pubkey ?

How can i convert or transform this key to ssh-rsa format? I am talking
about the ssh keys that are available in "authorized_keys" file.

Or
Does openssl has any tools to manage the pubkey ? like dismantle and
assemble again.

thanks
dhiva
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

  


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to