Reading ssh pub/private keys

Reading ssh pub/private keys

Bert Freudenberg
Hi folks,

I have an ssh-format keypair and would like to extract the (p,q,g,x)  
and (p,q,g,y) DSA tuples from that. The private key looks like this:

-----BEGIN DSA PRIVATE KEY-----
MIIBuwIB..............XCIa3cIp
-----END DSA PRIVATE KEY-----

and the public key:

ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==

So this looks like Base64-encoded numbers, but how are they encoded?  
The only reference I found was this:

http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt

But it does not detail how the "binary blob" translates to DSA tuples.

- Bert -


_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Re: Reading ssh pub/private keys

Rob Withers
Bert, they are indeed Base64 encoded.  For starters, you can try:

        (DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey

I am not sure about the publicKey, but you could try the same reader
code.  Internally, it strips off the PEM markings (-----BEGIN
DSA...and so on), then does a Base64 decode and leaves you with
bytes.  The #asPrivateKey will take those bytes and do an ASN.1
decode on them.  My point is that the PublicKey may also be ASN.1
encoded, so you may find some traction here.

Let me know how it goes.

Are you implementing SSH?!

cheers,
Robert

On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:

> Hi folks,
>
> I have an ssh-format keypair and would like to extract the  
> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key looks  
> like this:
>
> -----BEGIN DSA PRIVATE KEY-----
> MIIBuwIB..............XCIa3cIp
> -----END DSA PRIVATE KEY-----
>
> and the public key:
>
> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>
> So this looks like Base64-encoded numbers, but how are they  
> encoded? The only reference I found was this:
>
> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>
> But it does not detail how the "binary blob" translates to DSA tuples.
>
> - Bert -

Re: Reading ssh pub/private keys

Bert Freudenberg
Thanks Rob, I'll try that (provided I find the  
DSAPrivateKeyFileReader class).

I'm not implementing ssh, but the OLPC happens to use that file  
format for their per-user keys. So rather than generating our own  
(via SecurityManager>>generateLocalKeyPair) which takes a rather long  
time on that slow machine, I'd rather just load that.

- Bert -

On Mar 29, 2007, at 15:33 , Robert Withers wrote:

> Bert, they are indeed Base64 encoded.  For starters, you can try:
>
> (DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey
>
> I am not sure about the publicKey, but you could try the same
> reader code.  Internally, it strips off the PEM markings (-----BEGIN
> DSA...and so on), then does a Base64 decode and leaves you
> with bytes.  The #asPrivateKey will take those bytes and do an
> ASN.1 decode on them.  My point is that the PublicKey may also be ASN.1
> encoded, so you may find some traction here.
>
> Let me know how it goes.
>
> Are you implementing SSH?!
>
> cheers,
> Robert

Re: Reading ssh pub/private keys

Rob Withers
It's in the Cryptography-X509 package.

What exactly is OLPC?  I keep reading that acronym.

Rob

On Mar 29, 2007, at 6:45 AM, Bert Freudenberg wrote:

> Thanks Rob, I'll try that (provided I find the  
> DSAPrivateKeyFileReader class).
>
> I'm not implementing ssh, but the OLPC happens to use that file  
> format for their per-user keys. So rather than generating our own  
> (via SecurityManager>>generateLocalKeyPair) which takes a rather  
> long time on that slow machine, I'd rather just load that.
>
> - Bert -

Re: Reading ssh pub/private keys

Bert Freudenberg
Hmm, the latest release on Squeakmap is for Squeak 3.4 ...

For OLPC see http://laptop.org

- Bert -

On Mar 29, 2007, at 16:38 , Robert Withers wrote:

> It's in the Cryptography-X509 package.
>
> What exactly is OLPC?  I keep reading that acronym.
>
> Rob

Re: Reading ssh pub/private keys

Rob Withers
Use this Monticello repository:

MCHttpRepository
        location: 'http://www.squeaksource.com/Cryptography'
        user: ''
        password: ''

Then load pretty much everything.  You will definitely need DSA, ASN.1,
X509, Core, RandomAndPrime.

OLPC is Neat.   Thanks for the link.

Rob

On Mar 29, 2007, at 7:48 AM, Bert Freudenberg wrote:

> Hmm, the latest release on Squeakmap is for Squeak 3.4 ...
>
> For OLPC see http://laptop.org
>
> - Bert -

Re: Reading ssh pub/private keys

Bert Freudenberg
In reply to this post by Rob Withers
Hi Rob,

turns out the private key file has the public part in it, too, it  
stores (0, p, q, g, y, x). DSAPrivateKeyFileReader assumes some more  
fields whereas my key just has the blob data in it, and it is not  
encrypted by a passphrase. Using the ASN.1 reader on my blob worked  
fine, though.

Thanks a lot!

- Bert -

On Mar 29, 2007, at 15:33 , Robert Withers wrote:

> Bert, they are indeed Base64 encoded.  For starters, you can try:
>
> (DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey
>
> I am not sure about the publicKey, but you could try the same
> reader code.  Internally, it strips off the PEM markings (-----BEGIN
> DSA...and so on), then does a Base64 decode and leaves you
> with bytes.  The #asPrivateKey will take those bytes and do an
> ASN.1 decode on them.  My point is that the PublicKey may also be ASN.1
> encoded, so you may find some traction here.
>
> Let me know how it goes.
>
> Are you implementing SSH?!
>
> cheers,
> Robert

Re: Reading ssh pub/private keys

Bert Freudenberg
FYI, attached is my simple DSA key reader. It does not use the Crypto  
package. Sorry, we are space-constrained on the OLPC -- mine is about  
30 lines of code including ASN.1 decoding. It helps a lot if you know  
precisely what to expect ;)

I also attached a test key, it was generated with

        ssh-keygen -t dsa -f test.key

So thanks anyway, you pointed me in the right direction and
starting from a working example was a great help!

- Bert -

On Mar 30, 2007, at 11:36 , Bert Freudenberg wrote:

> Hi Rob,
>
> turns out the private key file has the public part in it, too, it  
> stores (0, p, q, g, y, x). DSAPrivateKeyFileReader assumes some  
> more fields whereas my key just has the blob data in it, and it is  
> not encrypted by a passphrase. Using the ASN.1 reader on my blob  
> worked fine, though.
>
> Thanks a lot!
>
> - Bert -

Attachments: loadOLPCKeys-bf.1.cs.gz (1K), test.key (684 bytes)
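
Added example, not part of the thread and not the attached loadOLPCKeys reader: a Python reader for both encodings discussed above. The private-key layout (0, p, q, g, y, x) is the one Bert reports; the public-key layout (a length-prefixed "ssh-dss" string followed by p, q, g, y as mpints) follows RFC 4253 and is not stated in the thread. The function names, toy parameters and sample key strings are constructed for this example.

```python
import base64

BEGIN, END = "-----BEGIN DSA PRIVATE KEY-----", "-----END DSA PRIVATE KEY-----"

def der_integers(der):  # decode a DER SEQUENCE that holds only INTEGERs
    def header(pos, tag):                      # -> (content length, content start)
        if pos + 2 > len(der) or der[pos] != tag:
            raise ValueError("unexpected DER tag")
        size, pos = der[pos + 1], pos + 2
        if size >= 0x80:                       # long form: low 7 bits count the length bytes
            size, pos = int.from_bytes(der[pos:pos + (size & 0x7F)], "big"), pos + (size & 0x7F)
        if pos + size > len(der):
            raise ValueError("DER length overruns input")
        return size, pos
    size, pos = header(0, 0x30)
    if pos + size != len(der):
        raise ValueError("trailing data after SEQUENCE")
    out = []
    while pos < len(der):
        size, pos = header(pos, 0x02)
        out.append(int.from_bytes(der[pos:pos + size], "big", signed=True))
        pos += size
    return out

def parse_dsa_private_pem(pem):
    """Unencrypted private key file -> p, q, g, y, x (stored as 0, p, q, g, y, x)."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a traditional DSA PEM key")
    if any(":" in ln for ln in lines[1:-1]):   # Proc-Type / DEK-Info headers: encrypted
        raise ValueError("passphrase-encrypted key, decrypt it first")
    ints = der_integers(base64.b64decode("".join(lines[1:-1])))
    if len(ints) != 6 or ints[0] != 0:
        raise ValueError("expected (0, p, q, g, y, x)")
    return dict(zip("pqgyx", ints[1:]))

def parse_ssh_dss_public(line):
    """'ssh-dss <base64> [comment]' -> p, q, g, y (RFC 4253 length-prefixed fields)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob, parts, pos = base64.b64decode(fields[1]), [], 0
    while pos < len(blob):
        size, pos = int.from_bytes(blob[pos:pos + 4], "big"), pos + 4
        if pos + size > len(blob):
            raise ValueError("truncated ssh-dss blob")
        parts.append(blob[pos:pos + size])
        pos += size
    if len(parts) != 5 or parts[0] != b"ssh-dss":
        raise ValueError("unexpected ssh-dss layout")
    return dict(zip("pqgy", (int.from_bytes(b, "big") for b in parts[1:])))

# Constructed toy key (far too small for real use): q divides p-1, g has order q.
P, Q, G, X, Y = 263, 131, 4, 77, pow(4, 77, 263)
def raw(n): return n.to_bytes(n.bit_length() // 8 + 1, "big")  # minimal, sign-safe bytes
body = b"".join(b"\x02" + bytes([len(raw(n))]) + raw(n) for n in (0, P, Q, G, Y, X))
SAMPLE_PEM = "\n".join([BEGIN, base64.b64encode(b"\x30" + bytes([len(body)]) + body).decode(), END])
blob = b"".join(len(i).to_bytes(4, "big") + i for i in [b"ssh-dss"] + [raw(n) for n in (P, Q, G, Y)])
SAMPLE_PUB = "ssh-dss " + base64.b64encode(blob).decode() + " constructed@example"
```

Both parsers return plain integers, so y = g^x mod p can be checked directly to confirm that a public line and a private file belong together.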