[Bug 2947] ssh-keygen generated keys are not read in by openssl

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Dec 20 02:45:42 AEDT 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2947

--- Comment #2 from Thomas Schweikle <tschweikle at gmail.com> ---
It should not matter which format I wrote the keys out in, since the
private key is in all cases written in more or less PEM format.

Importing some ssh-keygen generated private key this way should work
out of the box. But it does not. Interestingly, if I generate the key
pair using openssl I can import this key and use it together with ssh!
Even ssh-keygen accepts this key and exports an ssh-format public key
from it.

So what does ssh-keygen do differently from openssl when writing a key out?
The private key written by ssh-keygen is only usable by ssh-keygen,
while the private key written by openssl is usable by both: ssh-keygen
and openssl!

# openssl genpkey -algorithm RSA -out id_rsa.key -pkeyopt rsa_keygen_bits:2048 && chmod 0600 id_rsa.key
# openssl rsa -pubout -in id_rsa.key -out id_rsa.pem && chmod 0600 id_rsa.pem
# cp id_rsa.key id_rsa
# ssh-keygen -y -f id_rsa > id_rsa.pub

but

# ssh-keygen -t rsa -b 2048 -N "" -C "" -f id_rsa
# openssl rsa -pubout -in id_rsa.key -out id_rsa.pem

Creates a key openssl chokes on:
unable to load Private Key
140028946031680:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Visually there is no difference with these files (except for the key).



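An added example, not part of the original comment or of OpenSSH: a shell check that reads the armor label on a private key file's first line, which is what "no start line ... Expecting: ANY PRIVATE KEY" refers to. It assumes an ssh-keygen that writes its own "OPENSSH PRIVATE KEY" container by default (OpenSSH 7.8 and later); the function names and the sample files are constructed for illustration.

```shell
# Classify a private key file by its PEM armor label (added example).
# pem_label, key_container and openssl_readable are hypothetical helper names.

# Print the label of the first "-----BEGIN <label>-----" line, if any.
pem_label() {
    [ -r "$1" ] || return 0      # unreadable or missing file: print nothing
    # tr strips CR so files with CRLF line endings are still recognised
    tr -d '\r' < "$1" |
        sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1
}

# Map the label to the container format it announces.
key_container() {
    case "$(pem_label "$1")" in
        "OPENSSH PRIVATE KEY")   echo "openssh-key-v1" ;;
        "RSA PRIVATE KEY"|"EC PRIVATE KEY"|"DSA PRIVATE KEY")
                                 echo "traditional-pem" ;;
        "PRIVATE KEY")           echo "pkcs8" ;;
        "ENCRYPTED PRIVATE KEY") echo "pkcs8-encrypted" ;;
        *)                       echo "unknown" ;;
    esac
}

# Succeeds only for containers the openssl PEM reader recognises.
openssl_readable() {
    case "$(key_container "$1")" in
        traditional-pem|pkcs8|pkcs8-encrypted) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files: armor lines with placeholder bodies, not real keys.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'AAAA' \
        '-----END OPENSSH PRIVATE KEY-----' > "$d/from_ssh_keygen"
    printf '%s\r\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' \
        '-----END PRIVATE KEY-----' > "$d/from_genpkey"
    for f in "$d"/from_*; do
        printf '%s: %s\n' "${f##*/}" "$(key_container "$f")"
    done
    rm -rf "$d"
}
demo
```

A key reported as openssh-key-v1 can be rewritten in the traditional PEM format with `ssh-keygen -p -m PEM -f id_rsa`, or created that way by passing `-m PEM` when generating it.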