Smalltalk › Squeak › Other › Squeak - Cryptography

Reading ssh pub/private keys

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

8 messages Options

Bert Freudenberg

Reading ssh pub/private keys

Hi folks,

I have an ssh-format keypair and would like to extract the (p,q,g,x)
and (p,q,g,y) DSA tuples from that. The private key looks like this:

-----BEGIN DSA PRIVATE KEY-----
MIIBuwIB..............XCIa3cIp
-----END DSA PRIVATE KEY-----

and the public key:

ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==

So this looks like Base64-encoded numbers, but how are they encoded?
The only reference I found was this:

http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt

But it does not detail how the "binary blob" translates to DSA tuples.

- Bert -

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Rob Withers

Re: Reading ssh pub/private keys

Bert, there are indeed Base64 encoded. For starters, you can try:

(DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey

I am not sure about the publicKey, but you could try the same reader
code. Internally, it strips off the PEM markings (-----BEGIN
DSA...and so on), the does a Base64 decode and leaves you with
bytes. The #asPrivateKey will take those bytes and do an ASN.1
decode on them. My point is that the PublicKey may also be ASN.1
encoded, so you may find some traction here.

Let me know how it goes.

Are you implementing SSH?!

cheers,
Robert

On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:

> Hi folks,
>
> I have an ssh-format keypair and would like to extract the
> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key looks
> like this:
>
> -----BEGIN DSA PRIVATE KEY-----
> MIIBuwIB..............XCIa3cIp
> -----END DSA PRIVATE KEY-----
>
> and the public key:
>
> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>
> So this looks like Base64-encoded numbers, but how are they
> encoded? The only reference I found was this:
>
> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>
> But it does not detail how the "binary blob" translates to DSA tuples.
>
> - Bert -
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Bert Freudenberg

Re: Reading ssh pub/private keys

Thanks Rob, I'll try that (provided I find the
DSAPrivateKeyFileReader class).

I'm not implementing ssh, but the OLPC happens to use that file
format for their per-user keys. So rather than generating our own
(via SecurityManager>>generateLocalKeyPair) which takes a rather long
time on that slow machine, I'd rather just load that.

- Bert -

On Mar 29, 2007, at 15:33 , Robert Withers wrote:

> Bert, there are indeed Base64 encoded. For starters, you can try:
>
> (DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey
>
> I am not sure about the publicKey, but you could try the same
> reader code. Internally, it strips off the PEM markings (-----
> BEGIN DSA...and so on), the does a Base64 decode and leaves you
> with bytes. The #asPrivateKey will take those bytes and do an ASN.
> 1 decode on them. My point is that the PublicKey may also be ASN.1
> encoded, so you may find some traction here.
>
> Let me know how it goes.
>
> Are you implementing SSH?!
>
> cheers,
> Robert
>
> On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:
>
>> Hi folks,
>>
>> I have an ssh-format keypair and would like to extract the
>> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key
>> looks like this:
>>
>> -----BEGIN DSA PRIVATE KEY-----
>> MIIBuwIB..............XCIa3cIp
>> -----END DSA PRIVATE KEY-----
>>
>> and the public key:
>>
>> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>>
>> So this looks like Base64-encoded numbers, but how are they
>> encoded? The only reference I found was this:
>>
>> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>>
>> But it does not detail how the "binary blob" translates to DSA
>> tuples.
>>
>> - Bert -
>>
>>
>> _______________________________________________
>> Cryptography mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>> cryptography
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Rob Withers

Re: Reading ssh pub/private keys

It's in the Cryptography-X509 package.

What exactly is OLPC? I keep reading that acronym.

Rob

On Mar 29, 2007, at 6:45 AM, Bert Freudenberg wrote:

> Thanks Rob, I'll try that (provided I find the
> DSAPrivateKeyFileReader class).
>
> I'm not implementing ssh, but the OLPC happens to use that file
> format for their per-user keys. So rather than generating our own
> (via SecurityManager>>generateLocalKeyPair) which takes a rather
> long time on that slow machine, I'd rather just load that.
>
> - Bert -
>
> On Mar 29, 2007, at 15:33 , Robert Withers wrote:
>
>> Bert, there are indeed Base64 encoded. For starters, you can try:
>>
>> (DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey
>>
>> I am not sure about the publicKey, but you could try the same
>> reader code. Internally, it strips off the PEM markings (-----
>> BEGIN DSA...and so on), the does a Base64 decode and leaves you
>> with bytes. The #asPrivateKey will take those bytes and do an ASN.
>> 1 decode on them. My point is that the PublicKey may also be ASN.
>> 1 encoded, so you may find some traction here.
>>
>> Let me know how it goes.
>>
>> Are you implementing SSH?!
>>
>> cheers,
>> Robert
>>
>> On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:
>>
>>> Hi folks,
>>>
>>> I have an ssh-format keypair and would like to extract the
>>> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key
>>> looks like this:
>>>
>>> -----BEGIN DSA PRIVATE KEY-----
>>> MIIBuwIB..............XCIa3cIp
>>> -----END DSA PRIVATE KEY-----
>>>
>>> and the public key:
>>>
>>> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>>>
>>> So this looks like Base64-encoded numbers, but how are they
>>> encoded? The only reference I found was this:
>>>
>>> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>>>
>>> But it does not detail how the "binary blob" translates to DSA
>>> tuples.
>>>
>>> - Bert -
>>>
>>>
>>> _______________________________________________
>>> Cryptography mailing list
>>> [hidden email]
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>> cryptography
>>
>> _______________________________________________
>> Cryptography mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>> cryptography
>
>
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Bert Freudenberg

Re: Reading ssh pub/private keys

Hmm, the latest release on Squeakmap is for Squeak 3.4 ...

For OLPC see http://laptop.org

- Bert -

On Mar 29, 2007, at 16:38 , Robert Withers wrote:

> It's in the Cryptography-X509 package.
>
> What exactly is OLPC? I keep reading that acronym.
>
> Rob
>
> On Mar 29, 2007, at 6:45 AM, Bert Freudenberg wrote:
>
>> Thanks Rob, I'll try that (provided I find the
>> DSAPrivateKeyFileReader class).
>>
>> I'm not implementing ssh, but the OLPC happens to use that file
>> format for their per-user keys. So rather than generating our own
>> (via SecurityManager>>generateLocalKeyPair) which takes a rather
>> long time on that slow machine, I'd rather just load that.
>>
>> - Bert -
>>
>> On Mar 29, 2007, at 15:33 , Robert Withers wrote:
>>
>>> Bert, there are indeed Base64 encoded. For starters, you can try:
>>>
>>> (DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey
>>>
>>> I am not sure about the publicKey, but you could try the same
>>> reader code. Internally, it strips off the PEM markings (-----
>>> BEGIN DSA...and so on), the does a Base64 decode and leaves you
>>> with bytes. The #asPrivateKey will take those bytes and do an
>>> ASN.1 decode on them. My point is that the PublicKey may also be
>>> ASN.1 encoded, so you may find some traction here.
>>>
>>> Let me know how it goes.
>>>
>>> Are you implementing SSH?!
>>>
>>> cheers,
>>> Robert
>>>
>>> On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:
>>>
>>>> Hi folks,
>>>>
>>>> I have an ssh-format keypair and would like to extract the
>>>> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key
>>>> looks like this:
>>>>
>>>> -----BEGIN DSA PRIVATE KEY-----
>>>> MIIBuwIB..............XCIa3cIp
>>>> -----END DSA PRIVATE KEY-----
>>>>
>>>> and the public key:
>>>>
>>>> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>>>>
>>>> So this looks like Base64-encoded numbers, but how are they
>>>> encoded? The only reference I found was this:
>>>>
>>>> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>>>>
>>>> But it does not detail how the "binary blob" translates to DSA
>>>> tuples.
>>>>
>>>> - Bert -
>>>>
>>>>
>>>> _______________________________________________
>>>> Cryptography mailing list
>>>> [hidden email]
>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>>> cryptography
>>>
>>> _______________________________________________
>>> Cryptography mailing list
>>> [hidden email]
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>> cryptography
>>
>>
>>
>>
>> _______________________________________________
>> Cryptography mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>> cryptography
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Rob Withers

Re: Reading ssh pub/private keys

Use this Monticello repository:

MCHttpRepository
location: 'http://www.squeaksource.com/Cryptography'
user: ''
password: ''

Then load pretty much everything. You will definitely need DSA, ASN.
1, X509, Core, RandomAndPrime.

OLPC is Neat. Thanks for the link.

Rob

On Mar 29, 2007, at 7:48 AM, Bert Freudenberg wrote:

> Hmm, the latest release on Squeakmap is for Squeak 3.4 ...
>
> For OLPC see http://laptop.org
>
> - Bert -
>
> On Mar 29, 2007, at 16:38 , Robert Withers wrote:
>
>> It's in the Cryptography-X509 package.
>>
>> What exactly is OLPC? I keep reading that acronym.
>>
>> Rob
>>
>> On Mar 29, 2007, at 6:45 AM, Bert Freudenberg wrote:
>>
>>> Thanks Rob, I'll try that (provided I find the
>>> DSAPrivateKeyFileReader class).
>>>
>>> I'm not implementing ssh, but the OLPC happens to use that file
>>> format for their per-user keys. So rather than generating our own
>>> (via SecurityManager>>generateLocalKeyPair) which takes a rather
>>> long time on that slow machine, I'd rather just load that.
>>>
>>> - Bert -
>>>
>>> On Mar 29, 2007, at 15:33 , Robert Withers wrote:
>>>
>>>> Bert, there are indeed Base64 encoded. For starters, you can try:
>>>>
>>>> (DSAPrivateKeyFileReader fromFile: privateKeyFileName)
>>>> asPrivateKey
>>>>
>>>> I am not sure about the publicKey, but you could try the same
>>>> reader code. Internally, it strips off the PEM markings (-----
>>>> BEGIN DSA...and so on), the does a Base64 decode and leaves you
>>>> with bytes. The #asPrivateKey will take those bytes and do an
>>>> ASN.1 decode on them. My point is that the PublicKey may also
>>>> be ASN.1 encoded, so you may find some traction here.
>>>>
>>>> Let me know how it goes.
>>>>
>>>> Are you implementing SSH?!
>>>>
>>>> cheers,
>>>> Robert
>>>>
>>>> On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:
>>>>
>>>>> Hi folks,
>>>>>
>>>>> I have an ssh-format keypair and would like to extract the
>>>>> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key
>>>>> looks like this:
>>>>>
>>>>> -----BEGIN DSA PRIVATE KEY-----
>>>>> MIIBuwIB..............XCIa3cIp
>>>>> -----END DSA PRIVATE KEY-----
>>>>>
>>>>> and the public key:
>>>>>
>>>>> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>>>>>
>>>>> So this looks like Base64-encoded numbers, but how are they
>>>>> encoded? The only reference I found was this:
>>>>>
>>>>> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>>>>>
>>>>> But it does not detail how the "binary blob" translates to DSA
>>>>> tuples.
>>>>>
>>>>> - Bert -
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Cryptography mailing list
>>>>> [hidden email]
>>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>>>> cryptography
>>>>
>>>> _______________________________________________
>>>> Cryptography mailing list
>>>> [hidden email]
>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>>> cryptography
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Cryptography mailing list
>>> [hidden email]
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>> cryptography
>>
>> _______________________________________________
>> Cryptography mailing list
>> [hidden email]
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>> cryptography
>
>
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
> cryptography

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Bert Freudenberg

Re: Reading ssh pub/private keys

In reply to this post by Rob Withers

Hi Rob,

turns out the private key file has the public part in it, too, it
stores (0, p, q, g, y, x). DSAPrivateKeyFileReader assumes some more
fields whereas my key just has the blob data in it, and it is not
encrypted by a passphrase. Using the ASN.1 reader on my blob worked
fine, though.

Thanks a lot!

- Bert -

On Mar 29, 2007, at 15:33 , Robert Withers wrote:

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Bert Freudenberg

Re: Reading ssh pub/private keys

FYI, attached is my simple DSA key reader. It does not use the Crypto
package. Sorry, we are space-constrained on the OLPC -- mine is about
30 lines of code including ASN.1 decoding. It helps a lot if you know
precisely what to expect ;)

I also attached a test key, it was generated with

ssh-keygen -t dsa -f test.key

So thanks anyway, you pointed me into the right direction and
starting from a working example was a great help!

- Bert -

On Mar 30, 2007, at 11:36 , Bert Freudenberg wrote:

> Hi Rob,
>
> turns out the private key file has the public part in it, too, it
> stores (0, p, q, g, y, x). DSAPrivateKeyFileReader assumes some
> more fields whereas my key just has the blob data in it, and it is
> not encrypted by a passphrase. Using the ASN.1 reader on my blob
> worked fine, though.
>
> Thanks a lot!
>
> - Bert -
>
> On Mar 29, 2007, at 15:33 , Robert Withers wrote:
>
>> Bert, there are indeed Base64 encoded. For starters, you can try:
>>
>> (DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey
>>
>> I am not sure about the publicKey, but you could try the same
>> reader code. Internally, it strips off the PEM markings (-----
>> BEGIN DSA...and so on), the does a Base64 decode and leaves you
>> with bytes. The #asPrivateKey will take those bytes and do an ASN.
>> 1 decode on them. My point is that the PublicKey may also be ASN.
>> 1 encoded, so you may find some traction here.
>>
>> Let me know how it goes.
>>
>> Are you implementing SSH?!
>>
>> cheers,
>> Robert
>>
>> On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:
>>
>>> Hi folks,
>>>
>>> I have an ssh-format keypair and would like to extract the
>>> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key
>>> looks like this:
>>>
>>> -----BEGIN DSA PRIVATE KEY-----
>>> MIIBuwIB..............XCIa3cIp
>>> -----END DSA PRIVATE KEY-----
>>>
>>> and the public key:
>>>
>>> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>>>
>>> So this looks like Base64-encoded numbers, but how are they
>>> encoded? The only reference I found was this:
>>>
>>> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>>>
>>> But it does not detail how the "binary blob" translates to DSA
>>> tuples.
>>>
>>> - Bert -
>>>

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

loadOLPCKeys-bf.1.cs.gz (1K) Download Attachment

test.key (684 bytes) Download Attachment