[Bug 1749] New: ssh-keygen can't "import" a generic x509 rsa public key
bugzilla-daemon at bugzilla.mindrot.org
Sat Apr 3 10:46:22 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1749
Summary: ssh-keygen can't "import" a generic x509 rsa public key
Product: Portable OpenSSH
Version: 5.4p1
Platform: Other
OS/Version: Other
Status: NEW
Severity: normal
Priority: P2
Component: ssh-keygen
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: cavanaughwww+public at gmail.com
Created an attachment (id=1827)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1827)
pubkey2ssh
I think this is part defect, part enhancement.
Defect Part
===========
I have a public key generated via
prompt> openssl x509 -in cavanaug.x509 -pubkey -noout > cavanaug_x509.pub
that I would like to have ssh-keygen convert to an openssh public key format.
prompt> ssh-keygen -i -f cavanaug_x509.pub
buffer_get_string_ret: bad string length 813826338
key_from_blob: can't read key type
decode blob failed.
prompt> cat cavanaug_x509.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+8jp5YdUEqoNjmhg3X
c+oMARMrXH5erMRh+C1DeAE/KxZd0ZXjhbDJ1NwvvIlmLJO6tmlqtbnNILgpJjna
dPor6fcVsiLgHtwD5CuydAfxjQBXRCvPBqL+/M1tNMhcgR4AYzfitUP2IFhSLmgF
3+lPZYJiyWeTPMGgbgNbjef66ogaaoV0TLmuONQjmH0QI9LcPO7pbErOBgOEytYP
LUvgNyu7z/wgV+sQoxB6jYhsI2msQ+s6cwGna8fLa2R9tKr27rzv0kyeL1h9ZLd2
TiwEen+XkcRFgDkzPPoiHl1i9/osia+uvd/YeQxWlNRMldgNZ+sa2Yy/2Sz7XSRb
dwIDAQAB
-----END PUBLIC KEY-----
In the interim I have been using pubkey2ssh.c (attached), but this sure
seems like something that ssh-keygen should handle.
Enhancement Part
================
Outside of the above fix it would be wonderful if ssh-keygen could just
import an entire x509 and spit out a complete openssh public & private
key.
Right now I do this with a script something like the following (I
omitted the steps on cert validation etc.)
openssl pkcs12 -in cavanaug.p12 -clcerts -out id_rsa
openssl x509 -in id_rsa -pubkey -noout > x
pubkey2ssh x comment > id_rsa.pub
I'd love to just be able to do something directly with ssh-keygen.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
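
Added example (not part of the original report, and not the attached pubkey2ssh.c): a Python sketch of the conversion the report asks for, turning a PEM "PUBLIC KEY" (DER SubjectPublicKeyInfo) into an "ssh-rsa" line. It also shows where the 813826338 in the error output comes from: the first four DER bytes, 30 82 01 22, read as a 32-bit SSH string length. All function names are this example's own, and the sample key is constructed.

```python
import base64
import struct

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def pem_body(pem):  # base64-decode the lines between the PEM armor
    return base64.b64decode("".join(
        line for line in pem.strip().splitlines() if not line.startswith("-----")))

def tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def misread_length(pem):  # what a reader expecting an SSH key blob sees first
    return int.from_bytes(pem_body(pem)[:4], "big")

def spki_to_openssh(pem, comment=""):
    spki, _ = tlv(pem_body(pem), 0, 0x30)   # SubjectPublicKeyInfo SEQUENCE
    alg, pos = tlv(spki, 0, 0x30)           # AlgorithmIdentifier
    if tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA public key")
    bits, _ = tlv(spki, pos, 0x03)          # BIT STRING holding RSAPublicKey
    rsa, _ = tlv(bits[1:], 0, 0x30)         # skip the unused-bits octet
    n, pos = tlv(rsa, 0, 0x02)
    e, _ = tlv(rsa, pos, 0x02)
    # A positive DER INTEGER has the same bytes as an SSH mpint (RFC 4251).
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-rsa", e, n))
    return " ".join(filter(None, ["ssh-rsa", base64.b64encode(blob).decode(), comment]))

def der(tag, val):  # minimal DER encoder, used only to build the constructed sample
    ln, size = len(val), (len(val).bit_length() + 7) // 8
    head = bytes([ln]) if ln < 0x80 else bytes([0x80 | size]) + ln.to_bytes(size, "big")
    return bytes([tag]) + head + val

def sample_pem(n, e=65537):
    ints = b"".join(der(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in (n, e))
    body = der(0x30, der(0x30, der(0x06, RSA_OID) + b"\x05\x00") + der(0x03, b"\x00" + der(0x30, ints)))
    return "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(body).decode() + "-----END PUBLIC KEY-----\n"

SAMPLE = sample_pem((1 << 2047) | 1)  # constructed 2048-bit value, not a usable RSA key
```

Any 2048-bit RSA SubjectPublicKeyInfo with a 3-byte exponent starts with the same four bytes, so `misread_length` returns 813826338 for the constructed sample as well.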