[PATCH] ssh-keygen: support public key import/export using SubjectPublicKeyInfo

Damien Miller djm at mindrot.org
Mon Jul 30 10:24:38 EST 2012

On Sat, 28 Jul 2012, Alon Bar-Lev wrote:

> ssh-keygen already supports importing and exporting ssh keys using
> various formats.
> The "-m PEM" which should have been the easiest to be used with
> various of external application expects PKCS#1 encoded key, while
> many applications use SubjectPublicKeyInfo encoded key.
> This change adds SubjectPublicKeyInfo support, to ease integration
> with applications.

I've not heard the term "SubjectPublicKeyInfo" used to refer to a
public key format before, but what the format you seem to be importing
and exporting seems to be what we implement as PKCS8, though I think 
this might be a misnomer.

If you s/SUBJECTINFO/PKCS8/ in your examples then they should work.

> Examples:
>  ## convert SubjectPublicKeyInfo public key to SSH public key
>  $ openssl req -newkey rsa:2048 -nodes -pubkey -subj "/CN=test" \
>    -noout -keyout /dev/null | \
>    ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0
>  ## convert X.509 certificate to SSH public key
>  $ openssl req -newkey rsa:2048 -nodes -x509 -subj "/CN=test" \
>    -keyout /dev/null | openssl x509 -pubkey -noout | \
>    ssh-keygen -i -m SUBJECTINFO -f /proc/self/fd/0
>  ## convert SSH public key to SubjectPublicKeyInfo public key
>  $ ssh-keygen -e -m SUBJECTINFO -f ~/.ssh/id_rsa.pub | \
>    openssl rsa -pubin -text


More information about the openssh-unix-dev mailing list