Hi all,

I was able to figure out the issue myself. Both public keys are equal when
compared as BCECPublicKey objects rather than doing a string-based
comparison. :)

On Fri, Jul 30, 2021 at 7:06 PM Vaigunth Chakkarapani <vaigunt...@gmail.com>
wrote:

> Hi,
>
> I'm trying to set up Apache MINA SSHD (version 2.7.0) with the SFTP feature. I
> was trying to set up a simple public key authenticator that supports only EC
> public keys.
>
> My backend stores EC public keys generated using openssl, in a base64
> encoded format.
> Sample public key in the backend (ECDSA-256, prime256v1 curve):
>
> MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnVUXp+iVC3/Z5XxMlqU1r3AkUryBqyhkMDZ1oEx5ThSZNUF1QbSyaSYem8keQkUhlSB8Ib0Bkr0GaMzJ5RkVtw==
>
> With the same public key, when I tried to login as SFTP user, I got the
> public key in PublicKeyAuthenticator's authenticate() callback in a
> different format:
>
> MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wRAQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABJ1VF6folQt/2eV8TJalNa9wJFK8gasoZDA2daBMeU4UmTVBdUG0smkmHpvJHkJFIZUgfCG9AZK9BmjMyeUZFbc=
>
> Since the formats of the same public key are different, I'm not able to
> compare the key got in MINA with the one in my backend.
>
> However, after a few hours of experimenting, I was able to get the same
> format as my backend with MINA SSHD version 1.6.0. I would like to be on
> the latest version of Apache MINA project given the numerous features you
> guys have created :)
>
> Any help around what formats these are and how do I convert between both
> of them would be very helpful.
>
> SFTP command used for logging in:
> sftp -P22 -i ecdsakey.pem user@localhost
>
> OS: macOS Big Sur (11.3.1)
> JDK:
> openjdk version "1.8.0_242"
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_242-b08)
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.242-b08, mixed mode)
>
> Commands used for generating EC key:
> openssl req -x509 -nodes -days 3650 -newkey ec:<(openssl ecparam -name prime256v1) -keyout ecdsakey.pem -out ecdsacert.pem
> openssl ec -in ecdsakey.pem -text -noout
> openssl x509 -in ecdsacert.pem -text -noout
> openssl x509 -noout -pubkey -in ecdsacert.pem
>
> Thank you very much in advance.
>
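
Added example (not part of the original messages, and not MINA SSHD or Bouncy Castle code): the first value quoted above is an X.509 SubjectPublicKeyInfo that names the curve by OID, while the second spells out the same curve's domain parameters explicitly, which is why the Base64 strings differ. This standard-library Python reduces both to (curve, public point) before comparing; the function names and the P-256 constants table are this example's own.

```python
import base64

# The two encodings quoted in the message above (same key, per its author).
NAMED = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnVUXp+iVC3/Z5XxMlqU1r3AkUryBqyhkMDZ1oEx5ThSZNUF1QbSyaSYem8keQkUhlSB8Ib0Bkr0GaMzJ5RkVtw=="
EXPLICIT = "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEA/////wAAAAEAAAAAAAAAAAAAAAD///////////////8wRAQg/////wAAAAEAAAAAAAAAAAAAAAD///////////////wEIFrGNdiqOpPns+u9VXaYhrxlHQawzFOw9jvOPD4n0mBLBEEEaxfR8uEsQkf4vOblY6RA8ncDfYEt6zOg9KE5RdiYwpZP40Li/hp/m47n60p8D54WK84zV2sxXs7LtkBoN79R9QIhAP////8AAAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBA0IABJ1VF6folQt/2eV8TJalNa9wJFK8gasoZDA2daBMeU4UmTVBdUG0smkmHpvJHkJFIZUgfCG9AZK9BmjMyeUZFbc="

OID_EC_KEY = bytes.fromhex("2a8648ce3d0201")    # id-ecPublicKey
OID_P256 = bytes.fromhex("2a8648ce3d030107")    # prime256v1 (secp256r1)
# Published P-256 domain parameters: p, a, b, uncompressed base point G, order n.
P256 = tuple(bytes.fromhex(h) for h in (
    "ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff ffffffff",
    "ffffffff 00000001 00000000 00000000 00000000 ffffffff ffffffff fffffffc",
    "5ac635d8 aa3a93e7 b3ebbd55 769886bc 651d06b0 cc53b0f6 3bce3c3e 27d2604b",
    "04 6b17d1f2 e12c4247 f8bce6e5 63a440f2 77037d81 2deb33a0 f4a13945 d898c296"
    " 4fe342e2 fe1a7f9b 8ee7eb4a 7c0f9e16 2bce3357 6b315ece cbb64068 37bf51f5",
    "ffffffff 00000000 ffffffff ffffffff bce6faad a7179e84 f3b9cac2 fc632551",
))

def tlvs(buf):
    """Split DER bytes into (tag, value) pairs; handles long-form lengths."""
    out, i = [], 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        out.append((tag, buf[i:i + n]))
        i += n
    return out

def canonical(spki_b64):
    """Reduce an EC SubjectPublicKeyInfo to (curve OID, public point bytes)."""
    (_, spki), = tlvs(base64.b64decode(spki_b64))
    (_, algid), (_, bits) = tlvs(spki)
    (_, alg), (ptag, params) = tlvs(algid)
    if alg != OID_EC_KEY or bits[0] != 0:
        raise ValueError("not an EC public key")
    if ptag != 0x06:  # explicit ECParameters: map back to the named curve
        _ver, (_, field), (_, crv), (_, g), (_, n), *_ = tlvs(params)
        p = tlvs(field)[1][1]
        a, b = (v for _, v in tlvs(crv)[:2])  # optional seed ignored
        if (p.lstrip(b"\0"), a, b, g, n.lstrip(b"\0")) != P256:
            raise ValueError("explicit parameters are not P-256")
        params = OID_P256
    return params, bits[1:]

def same_key(a_b64, b_b64):
    return canonical(a_b64) == canonical(b_b64)
```

Comparing the curve as well as the point matters for an authenticator: an explicit-parameter key is accepted here only when its parameters are exactly those of the expected named curve.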
