Simon Josefsson simon@josefsson.org writes:
If it would help someone, there is code in libssh2 that I wrote which decodes unencrypted OpenSSL private keys (which apparently is what OpenSSH is using) and imports them into a libgcrypt sexp.
Does openssl and openssh use the PKCS#1 format for private keys, as the DER encoding of ASN.1 objects? (Maybe that spec is for RSA keys only, but if so there ought to be some related spec for DSA).
I would have expected openssh to use something closer to the ssh wireformat, i.e., the wireformat ssh-rsa/ssh-dsa with some additional felds for the secret information, like I think the old proprietary ssh program did.
For PKCS#1 format, the program pkcs1-conv (from nettle-1.14 and later) can also convert RSA keys in pkcs#1 formats to sexp format.
Regards, /Niels
nisse@lysator.liu.se (Niels Möller) writes:
Simon Josefsson simon@josefsson.org writes:
If it would help someone, there is code in libssh2 that I wrote which decodes unencrypted OpenSSL private keys (which apparently is what OpenSSH is using) and imports them into a libgcrypt sexp.
Does openssl and openssh use the PKCS#1 format for private keys, as the DER encoding of ASN.1 objects? (Maybe that spec is for RSA keys only, but if so there ought to be some related spec for DSA).
Yup. It is just ASN.1 encoding of some integers in a sequence.
I would have expected openssh to use something closer to the ssh wireformat, i.e., the wireformat ssh-rsa/ssh-dsa with some additional felds for the secret information, like I think the old proprietary ssh program did.
For PKCS#1 format, the program pkcs1-conv (from nettle-1.14 and later) can also convert RSA keys in pkcs#1 formats to sexp format.
Then I would think that pkcs1-conv would handle this.
/Simon
nisse@lysator.liu.se (Niels Möller) writes:
For PKCS#1 format, the program pkcs1-conv (from nettle-1.14 and later) can also convert RSA keys in pkcs#1 formats to sexp format.
Simon Josefsson simon@josefsson.org writes:
Then I would think that pkcs1-conv would handle this.
Indeed, I've managed to convert OpenSSH RSA key pair to GNU lsh by the following steps:
1. Decrypt OpenSSH key:
$ openssl rsa -inform PEM -outform DER -in ~/.ssh/id_rsa \ -out /tmp/id_rsa.nopass
2. Convert OpenSSH key to GNU lsh:
$ cat /tmp/id_rsa.nopass | pkcs1-conv --private-rsa-key | \ sexp-conv -s advanced | sed -e "s/rsa/rsa-pkcs1/" | \ sexp-conv -s canonical | lsh-writekey
I've done it using GNU lsh version lsh-2.9-exp, secsh protocol version 2.0.
My initial goal -- to use single key pair for both OpenSSH and GNU lsh -- is achieved. That way, I can start playing with GNU lsh without taking the risk to switch completely to it.
Thanks for your help! :-)
Kaloian Doganov kaloian@doganov.org writes:
Indeed, I've managed to convert OpenSSH RSA key pair to GNU lsh by the following steps:
Decrypt OpenSSH key:
$ openssl rsa -inform PEM -outform DER -in ~/.ssh/id_rsa \ -out /tmp/id_rsa.nopass
Convert OpenSSH key to GNU lsh:
$ cat /tmp/id_rsa.nopass | pkcs1-conv --private-rsa-key | \ sexp-conv -s advanced | sed -e "s/rsa/rsa-pkcs1/" | \ sexp-conv -s canonical | lsh-writekey
Nice. BTW, pkcs1-conv is intended to work also with PEM-formatted input, if you had any problem with that, I'd like to hear. You still need to use openssl for decrypting the key, though.
I've done it using GNU lsh version lsh-2.9-exp, secsh protocol version 2.0.
You're brave, trying to play around with the experimental release ;-)
I use the client parts of the latest version daily. The server is less tested.
Happy hacking, /Niels
nisse@lysator.liu.se (Niels Möller) writes:
Nice. BTW, pkcs1-conv is intended to work also with PEM-formatted input, if you had any problem with that, I'd like to hear. You still need to use openssl for decrypting the key, though.
Yes, I've got "Invalid PKCS#1 private key." from pkcs1-conv when I tried to feed it with PEM-formatted input instead of DER-formatted one:
$ openssl rsa -inform PEM -outform PEM -in ~/.ssh/id_rsa \ -out /tmp/id_rsa.nopass.pem
$ cat /tmp/id_rsa.nopass.pem | pkcs1-conv --private-rsa-key Invalid PKCS#1 private key.
I've noticed that I can convince pkcs1-conv to process PEM-formatted input if I drop the "--private-rsa-key" argument:
$ cat /tmp/id_rsa.nopass.pem | pkcs1-conv
This outputs the expected result, completely identical to the working example using DER (posted in my previous message).
You're brave, trying to play around with the experimental release ;-)
I'm just experimenting, so the experimental release is just perfect for me. ;-)
Kaloian Doganov kaloian@doganov.org writes:
I've noticed that I can convince pkcs1-conv to process PEM-formatted input if I drop the "--private-rsa-key" argument:
$ cat /tmp/id_rsa.nopass.pem | pkcs1-conv
When reading PEM data, the type of the data follows from the PEM start line. For DER data, its harder to derive the intended type from the data.
Regards, /Niels