Subject: Converting SSH2-RSA key to RSA numbers
Posted on: 04-02-2005
Dro Kulix
April 2, 2005, 11:32 am
version of RSA for short encrypted transmissions. Of course it's a
dangerous thing to do when I'm not a crypto expert, but for the moment
that's beside the point. What I have in hand is a basic RSA
implementation that's already been written, which encrypts using an
encryption exponent E and a modulus M, and decrypts using a decryption
exponent D and the same modulus M. I assume, then, that E and M make
up the private key, D and M make up the public key.
Anyway, while I do have the encryption/decryption code, I don't have a
key generator to go with it. I decided that this wasn't going to be a
problem because there are plenty of good programs that will generate an
(unencrypted) OpenSSH SSH2 RSA key, and that I'd only have to find out
how to decode that format.
I've downloaded PuTTY's source to see if I could figure it out from
that. Turns out it's not trivial, so before I actually attempt to do
all the code chasing necessary to figure it out, I wanted to know if
anyone already knew enough about the key file format to save me some
trouble. Specifically, I'm looking to write a routine that converts
the key in an OpenSSH SSH2 RSA private key file into the aforementioned
E, D, and M.
If anyone has any suggestions, I'm all ears.
Thanks -- dro
Re: Converting SSH2-RSA key to RSA numbers
Other way round. The idea is that anyone can encrypt but only the
key owner can decrypt; so E is part of the _public_ key, and D is
the private key.
There's some documentation of the key file format in the source file
`import.c' in the PuTTY source base. The details of how the key is
_encrypted_ for storage aren't stated explicitly (you'd have to look
at the actual code), but if you're generating keys for other uses
then you'd probably make your life easier by generating unencrypted
ones in any case.
Essentially, the base64-encoded block in an OpenSSH key file is
encoded according to ASN.1, which is annoyingly complicated in
general but not _too_ many times worse than necessary for this job.
See the comment around line 538 of the current source.
--
Simon Tatham "Imagine what the world would be like if
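Added example, not part of the original thread or of PuTTY's or OpenSSH's code: a minimal Python reader for the ASN.1 structure described in the reply above, which pulls E, D and M (here e, d, n) out of an unencrypted PEM key. It assumes the traditional "BEGIN RSA PRIVATE KEY" (PKCS#1) layout; the function names and the toy key (p=61, q=53) are constructed for illustration.

```python
import base64

# RSAPrivateKey integers in PKCS#1 order (RFC 8017, appendix A.1.2)
FIELDS = ("version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv")
# Constructed toy key (p=61, q=53), far too small for real use
SAMPLE_DER = bytes.fromhex("301d020100" "02020ca1" "020111" "02020ac1"
                           "02013d" "020135" "020135" "020131" "020126")
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END RSA PRIVATE KEY-----\n")

def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        nbytes = length & 0x7F
        if nbytes == 0 or pos + nbytes > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def pem_to_der(pem):
    """Drop the armour lines and base64-decode an unencrypted PEM body."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if not lines or lines[0] != "-----BEGIN RSA PRIVATE KEY-----":
        raise ValueError("not a PKCS#1 RSA private key")
    body = lines[1:-1]
    if any(":" in ln for ln in body):  # Proc-Type/DEK-Info headers: encrypted
        raise ValueError("key is passphrase-encrypted; decrypt it first")
    return base64.b64decode("".join(body))

def rsa_numbers(pem):
    """Return the nine RSAPrivateKey integers as a dict keyed by FIELDS."""
    tag, seq, _ = read_tlv(pem_to_der(pem), 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    out, pos = {}, 0
    for name in FIELDS:
        tag, value, pos = read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        out[name] = int.from_bytes(value, "big")
    return out
```

Calling rsa_numbers(SAMPLE_PEM) gives a dict whose "e", "d" and "n" entries are the three numbers asked for in the original question.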
Re: Converting SSH2-RSA key to RSA numbers
OpenSSL can read OpenSSH private keys (which are PEM format), with
something like:
$ openssl rsa -text -modulus -in keyfile
You could also use "openssl genrsa" to generate the keys.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
Re: Converting SSH2-RSA key to RSA numbers
Well, actually... it doesn't matter. It's symmetric. You keep one as
private key and publish the other; it doesn't matter which. Encrypt with one
and decrypt with the other, but it works in either direction. In fact, if you
want your correspondent to be able to verify that it's from you, you do it
both ways: encrypt with their public key and encrypt with your private key.
They then decrypt with your public key and decrypt with their private key.