Using ssh-keygen from OpenSSH-2.9p1, I can perform the following key
conversions:
- convert a commercial public key into an OpenSSH public key:
% ssh-keygen -i -f commercial-key.pub > openssh-key.pub
- convert a commercial private key into an OpenSSH private key,
provided that the commercial key has no password
% ssh-keygen -i -f commercial-key > openssh-key
- convert an OpenSSH public key into a commercial public key:
% ssh-keygen -e -f openssh-key.pub > commercial-key.pub
% ssh-keygen -e -f openssh-key > commercial-key.pub
(these both do the same thing)
I am left with two questions. First, the inability to convert
encrypted commercial keys into similarly encrypted OpenSSH keys is
unfortunate. Can anyone give me the standard story on why this
doesn't work as one might hope? Is it simply a feature that is
waiting to be implemented, or are there deeper intractable issues?
Second, there is one conversion path missing. How does one convert an
OpenSSH private key into a commercial private key?
Thank you!
On Tue, 5 Jun 2001, Ben Liblit wrote:> I am left with two questions. First, the inability to convert > encrypted commercial keys into similarly encrypted OpenSSH keys is > unfortunate. Can anyone give me the standard story on why this > doesn't work as one might hope? Is it simply a feature that is > waiting to be implemented, or are there deeper intractable issues? > > Second, there is one conversion path missing. How does one convert an > OpenSSH private key into a commercial private key?We don't know what format ssh.com uses to store their private keys and no one has come forward to reverse engineer it. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer
On Tue, Jun 05, 2001 at 06:21:46PM -0700, Ben Liblit wrote:> Using ssh-keygen from OpenSSH-2.9p1, I can perform the following key > conversions: > > - convert a commercial public key into an OpenSSH public key: > > % ssh-keygen -i -f commercial-key.pub > openssh-key.pub > > - convert a commercial private key into an OpenSSH private key, > provided that the commercial key has no password > > % ssh-keygen -i -f commercial-key > openssh-key > > - convert an OpenSSH public key into a commercial public key: > > % ssh-keygen -e -f openssh-key.pub > commercial-key.pub > % ssh-keygen -e -f openssh-key > commercial-key.pub > > (these both do the same thing) > > I am left with two questions. First, the inability to convert > encrypted commercial keys into similarly encrypted OpenSSH keys is > unfortunate. Can anyone give me the standard story on why this > doesn't work as one might hope?show us patches :) i have no idea how they encrypt the key. however, you can still decrypt the key using the commercial software.> Is it simply a feature that is > waiting to be implemented, or are there deeper intractable issues?i won't implement this.> Second, there is one conversion path missing. How does one convert an > OpenSSH private key into a commercial private key?no documentation, no code. i think openssh's keygen has all features needed for migrating to openssh. -m
Possibly Parallel Threads
- Patch for ssh-keygen to allow conversion of public key to openssh format
- [Bug 2342] New: ssh-keygen gives wrong error loading public key message
- [Bug 1784] New: ssh-keygen fails when filename of key file contains multiple slashes
- [PATCH] ssh-keygen: support public key import/export using SubjectPublicKeyInfo
- [Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key