Convert keys (OpenSSL to OpenSSH)

Ben Hacker Jr strbenjr at yahoo.com
Sun Mar 27 06:15:17 EST 2005


Hello,

  I would like to use Public Key authentication with OpenSSH.  I am trying to use a 
public / private key set created using CA.pl.  http://www.openssl.org/docs/apps/CA.pl.html

I am not sure but I think my OpenSSL keys will not work until some conversion takes place.  
I was able to get them working between Windows (Putty.EXE) and my SSHD server but 
PuttyGen.EXE converted the public keys for me.

QUESTION:  How do I convert the keys myself [using OpenSSL or...] so one unix box 
can talk/SSH to the other using public key authentication???

(* Thanks in advance!! and also please reply directly to me since I am not a member 
of this listserver. *)

I found this message (listed below) on the OpenSSL archives.  
The message explains the differences between the two formats that I am seeing but does 
not help me with converting from one format to the other.

In message <41077310.9080102 at zrz.TU-Berlin.DE> on Wed, 28 Jul 2004 11:34:08 +0200, 
           Gerd Schering <Schering at zrz.TU-Berlin.DE> said:

Schering> Then I extracted the public key,
Schering> 1. with openssl:
Schering> 
Schering> -----BEGIN PUBLIC KEY-----
Schering> MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/mID2ohE8oahTW2/v0uXOKe/9
Schering> 8Lxywo8p0D56prYHlMIUoTMkouoY+DfbF65a1gNQaLCp2izqSPQZvHk9RqESpGkT
Schering> df8voe9uONz902xZ9f5fJVgi2ASQvKpEzlZOWVuPPXWqTe1eqQLQ39wAaX/TqA6h
Schering> raEdYAWxZUUn3iTv1wIBIw==
Schering> -----END PUBLIC KEY-----
Schering> 
Schering> 2. with ssh-keygen:
Schering> 
Schering> ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAv5iA9qIRPKGoU1tv79Llzinv/fC8csKPKdA+e \
Schering> qa2B5TCFKEzJKLqGPg32xeuWtYDUGiwqdos6kj0Gbx5PUahEqRpE3X/L6Hvbjjc/dNsWfX+Xy \
Schering> VYItgEkLyqRM5WTllbjz11qk3tXqkC0N/cAGl/06gOoa2hHWAFsWVFJ94k79c=
Schering> (there are no newlines)
Schering> 
Schering> 
Schering> They look different and the ssh key is not in PEM format.
Schering> But besides that by which means is this difference produced?
Schering> Or is it only the lack of header-, footer-, newlines and the
Schering> "ssh-rsa" which produces a different base64 encoding?

The difference is in structure.  In the PEM form, there are some codes
around the RSA numbers that indicate what they are (ASN.1 structure,
DER encoding, if that says anything).  In the SSH form, the BASE64
stuff includes a repeat of "ssh-rsa", followed by the RSA numbers e
and n, with no extra structure information.

Schering> B.t.w. In PEM format, are the newlines part of the
Schering> base64-encoded data, or does the data get encoded first?

The data is encoded first, the newlines are added on and are basically
part of the PEM format.  BASE64 can be all in one line if you want.

-- 
Ben Hacker, Jr.
 Sr. Security Analyst
   strbenjr at yahoo.com
   ben_hacker at inter-op.net
 703.751.3757 (w)
-- -- --
http://www.coeba.org
http://www.inter-op.net
http://www.hackerweb.net/bthacker
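
The structural difference described in the quoted reply, as an added example that is not part of the original post: Python that strips the ASN.1/DER wrapping from the PEM public key quoted above and re-encodes e and n in the SSH layout. The function names are chosen for this example, and only RSA public keys are handled.

```python
import base64
import struct

# Added example (not from the post). Key copied from the quoted message.
PEM = """-----BEGIN PUBLIC KEY-----
MIGdMA0GCSqGSIb3DQEBAQUAA4GLADCBhwKBgQC/mID2ohE8oahTW2/v0uXOKe/9
8Lxywo8p0D56prYHlMIUoTMkouoY+DfbF65a1gNQaLCp2izqSPQZvHk9RqESpGkT
df8voe9uONz902xZ9f5fJVgi2ASQvKpEzlZOWVuPPXWqTe1eqQLQ39wAaX/TqA6h
raEdYAWxZUUn3iTv1wIBIw==
-----END PUBLIC KEY-----"""
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos, tag):
    """Read one DER element of the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x}, found {buf[pos]:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    if pos + length > len(buf):
        raise ValueError("truncated DER data")
    return buf[pos:pos + length], pos + length

def rsa_numbers(pem):
    """Strip the ASN.1/DER wrapping from a PEM public key; return (n, e)."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    spki, _ = read_tlv(base64.b64decode(body), 0, 0x30)  # SubjectPublicKeyInfo
    alg, pos = read_tlv(spki, 0, 0x30)                   # AlgorithmIdentifier
    if read_tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA public key")
    bits, _ = read_tlv(spki, pos, 0x03)       # BIT STRING, byte 0 = unused bits
    rsa, _ = read_tlv(bits[1:], 0, 0x30)      # SEQUENCE { modulus, exponent }
    n, pos = read_tlv(rsa, 0, 0x02)
    e, _ = read_tlv(rsa, pos, 0x02)
    return int.from_bytes(n, "big"), int.from_bytes(e, "big")

def ssh_string(data):  # SSH wire "string": 4-byte big-endian length, then bytes
    return struct.pack(">I", len(data)) + data

def ssh_mpint(x):
    """SSH 'mpint' for a positive integer (leading 0x00 when the top bit is set)."""
    return ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))

def to_openssh(pem, comment=""):
    """Build the one-line form: "ssh-rsa", then e, then n, BASE64-encoded."""
    n, e = rsa_numbers(pem)
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()
```

`to_openssh(PEM)` returns the single line that goes into `authorized_keys`. Current OpenSSH releases can perform the same conversion with `ssh-keygen -i -m PKCS8 -f <file>`, where `<file>` is the PEM public key.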




