Jameson "Chema" Quinn wrote:

I have a public key in the following format:

ssh-dss ... =

that is, "ssh-dss " followed by a base64-encoded blob which has the following five values, each preceded by their length in bytes:

* "ssh-dss" (again, this time no space)
* the four integers that dss uses (p,q,g,y).

This is the format outputted by:

ssh-keygen -q -t dsa -f %s -C '' -N ''

(actually, this is the command used by the Sugar environment for OLPC to make keys, I am trying to use these keys for signatures. Certainly this seems to be a pretty standard way to make a key).

If I try openssl dgst -dss1 -verify ... with this key, I get the message "unable to load key file"

Is there any way for me to convert this to a valid key format? If not, is it possible that openssl might/should gain the capability to read this format? I can even make an attempt to write this into openssl myself, but it has been some time since I wrote C and I would really appreciate some pointers from somebody who knows the code as to where I need to change it.

Thanks,
Jameson

Well the key is in SSH format, have you tried any of the ssh utilities? Say, does 'ssh-keygen -e' do what you're looking for?

If you want to write C code to convert the key, the format is described in RFC 4253, and you might want to look at the EVP_PKEY_* functions and load_pubkey() in apps/apps.c (and maybe PEM_read_bio_PUBKEY() for reference).

-jb

...........

I have tried everything I can think of - all combinations of ssh-keygen -if, -ef; openssl dgst -keyform P,S,1,... The problem is that I do not really know what I'm aiming for, as I have no example of signatures working - I can make a signature, but I cannot verify it.

As to fixing openssl to read this format natively, I have looked around the code, and am stuck on EVP_PKEY_DSAX - there are 5 versions and I do not know which one to use. I guess that I will figure that latter problem out eventually, but I really could use a working keypair for comparison.
If I could visually compare in order to figure out the problem with ssh-keygen -e I could just keep two copies of the public key for now. Are you sure that the format is RFC4253? This is the same format as the ssh key, without the -----BEGIN stuff; but when I that stuff manually it does not work.
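
The blob layout discussed in this thread (a length-prefixed "ssh-dss" string followed by p, q, g, y as RFC 4253 mpints) can be unpacked and re-wrapped as shown in this added example, which is not part of the thread and not OpenSSL or OpenSSH code. It goes one step further than the thread and re-encodes the four integers as a PEM SubjectPublicKeyInfo ("-----BEGIN PUBLIC KEY-----"), the form PEM_read_bio_PUBKEY() reads; all function names are illustrative and the sample key is built from toy values.

```python
import base64
import struct
# Added example: helper names are illustrative, not OpenSSL/OpenSSH APIs
DSA_OID = bytes.fromhex("06072a8648ce380401")  # DER OID 1.2.840.10040.4.1 (id-dsa)

def read_fields(blob):
    # RFC 4253 "string"/"mpint": uint32 big-endian length, then that many bytes
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        if off + 4 + n > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def parse_ssh_dss(line):
    parts = line.split()  # "ssh-dss <base64> [comment]"
    if len(parts) < 2 or parts[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    fields = read_fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 5 or fields[0] != b"ssh-dss":
        raise ValueError("unexpected blob layout")
    nums = tuple(int.from_bytes(f, "big", signed=True) for f in fields[1:])  # mpint is two's complement
    if min(nums) <= 0:
        raise ValueError("non-positive DSA parameter")
    return nums  # (p, q, g, y)

def der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body  # short-form length
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body  # long-form length

def der_int(v):
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))  # +1 keeps the sign bit clear

def spki_der(p, q, g, y):  # SEQ { SEQ { OID, SEQ { p, q, g } }, BIT STRING { INTEGER y } }
    alg = der(0x30, DSA_OID + der(0x30, der_int(p) + der_int(q) + der_int(g)))
    return der(0x30, alg + der(0x03, b"\x00" + der_int(y)))

def to_pem(p, q, g, y):
    b64 = base64.b64encode(spki_der(p, q, g, y)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# Constructed toy sample (p=23, q=11, g=4, y=18), not a usable key
_F = (b"ssh-dss", b"\x17", b"\x0b", b"\x04", b"\x12")
SAMPLE_LINE = "ssh-dss " + base64.b64encode(b"".join(struct.pack(">I", len(f)) + f for f in _F)).decode()
```

Calling to_pem(*parse_ssh_dss(line)) on a key line gives the PEM text to save to a file.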