[Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Apr 3 10:46:22 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1749

           Summary: ssh-keygen cant "import" a generic x509 rsa public key
           Product: Portable OpenSSH
           Version: 5.4p1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh-keygen
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: cavanaughwww+public at gmail.com


Created an attachment (id=1827)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1827)
pubkey2ssh

I think this is part defect part enhancement.

Defect Part 
===========

I have a public key generated via

prompt> openssl x509 -in cavanaug.x509 -pubkey -noout >
cavanaug_x509.pub

that I would like to have ssh-keygen convert to an openssh public key
format.  

prompt> ssh-keygen -i -f cavanaug_x509.pub
buffer_get_string_ret: bad string length 813826338
key_from_blob: can't read key type
decode blob failed.

prompt> cat cavanaug_x509.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+8jp5YdUEqoNjmhg3X
c+oMARMrXH5erMRh+C1DeAE/KxZd0ZXjhbDJ1NwvvIlmLJO6tmlqtbnNILgpJjna
dPor6fcVsiLgHtwD5CuydAfxjQBXRCvPBqL+/M1tNMhcgR4AYzfitUP2IFhSLmgF
3+lPZYJiyWeTPMGgbgNbjef66ogaaoV0TLmuONQjmH0QI9LcPO7pbErOBgOEytYP
LUvgNyu7z/wgV+sQoxB6jYhsI2msQ+s6cwGna8fLa2R9tKr27rzv0kyeL1h9ZLd2
TiwEen+XkcRFgDkzPPoiHl1i9/osia+uvd/YeQxWlNRMldgNZ+sa2Yy/2Sz7XSRb
dwIDAQAB
-----END PUBLIC KEY-----

In the interim I have been using pubkey2ssh.c (attached), but this sure
seems like something that ssh-keygen should handle.


Enhancement Part
================

Outside of the above fix it would be wonderful if ssh-keygen could just
import an entire x509 and spit out a complete openssh public & private
key.

Right now I do this with a script something like the following (i
omitted the steps on cert validation etc)

openssl pkcs12 -in cavanaug.p12 -clcerts -out id_rsa
openssl x509 -in id_rsa -pubkey -noout > x
pubkey2ssh x comment > id_rsa.pub

Id love to just be able to do something directly with ssh-keygen

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list