[PATCH] ssh-keygen: support public key import/export using SubjectPublicKeyInfo
Damien Miller
djm at mindrot.org
Mon Jul 30 10:24:38 EST 2012
On Sat, 28 Jul 2012, Alon Bar-Lev wrote:
> ssh-keygen already supports importing and exporting ssh keys using
> various formats.
>
> The "-m PEM" which should have been the easiest to be used with
> various of external application expects PKCS#1 encoded key, while
> many applications use SubjectPublicKeyInfo encoded key.
>
> This change adds SubjectPublicKeyInfo support, to ease integration
> with applications.
I've not heard the term "SubjectPublicKeyInfo" used to refer to a
public key format before, but what the format you seem to be importing
and exporting seems to be what we implement as PKCS8, though I think
this might be a misnomer.
If you s/SUBJECTINFO/PKCS8/ in your examples then they should work.
> Examples:
> ## convert SubjectPublicKeyInfo public key to SSH public key
> $ openssl req -newkey rsa:2048 -nodes -pubkey -subj "/CN=test" \
> -noout -keyout /dev/null | \
> ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0
>
> ## convert X.509 certificate to SSH public key
> $ openssl req -newkey rsa:2048 -nodes -x509 -subj "/CN=test" \
> -keyout /dev/null | openssl x509 -pubkey -noout | \
> ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0
>
> ## convert SSH public key to SubjectPublicKeyInfo public key
> $ ssh-keygen -e -m SUBJECTINFO -f ~/.ssh/id_rsa.pub | \
> openssl rsa -pubin -text
-d
More information about the openssh-unix-dev
mailing list