thr3ads.net - openssh bugs - [Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key [Apr 2010]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2010-Apr-02 23:46 UTC

[Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key

https://bugzilla.mindrot.org/show_bug.cgi?id=1749

           Summary: ssh-keygen cant "import" a generic x509 rsa public
key
           Product: Portable OpenSSH
           Version: 5.4p1
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh-keygen
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: cavanaughwww+public at gmail.com


Created an attachment (id=1827)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1827)
pubkey2ssh

I think this is part defect part enhancement.

Defect Part 
==========
I have a public key generated via

prompt> openssl x509 -in cavanaug.x509 -pubkey -noout >
cavanaug_x509.pub

that I would like to have ssh-keygen convert to an openssh public key
format.  

prompt> ssh-keygen -i -f cavanaug_x509.pub
buffer_get_string_ret: bad string length 813826338
key_from_blob: can't read key type
decode blob failed.

prompt> cat cavanaug_x509.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+8jp5YdUEqoNjmhg3X
c+oMARMrXH5erMRh+C1DeAE/KxZd0ZXjhbDJ1NwvvIlmLJO6tmlqtbnNILgpJjna
dPor6fcVsiLgHtwD5CuydAfxjQBXRCvPBqL+/M1tNMhcgR4AYzfitUP2IFhSLmgF
3+lPZYJiyWeTPMGgbgNbjef66ogaaoV0TLmuONQjmH0QI9LcPO7pbErOBgOEytYP
LUvgNyu7z/wgV+sQoxB6jYhsI2msQ+s6cwGna8fLa2R9tKr27rzv0kyeL1h9ZLd2
TiwEen+XkcRFgDkzPPoiHl1i9/osia+uvd/YeQxWlNRMldgNZ+sa2Yy/2Sz7XSRb
dwIDAQAB
-----END PUBLIC KEY-----

In the interim I have been using pubkey2ssh.c (attached), but this sure
seems like something that ssh-keygen should handle.


Enhancement Part
===============
Outside of the above fix it would be wonderful if ssh-keygen could just
import an entire x509 and spit out a complete openssh public & private
key.

Right now I do this with a script something like the following (i
omitted the steps on cert validation etc)

openssl pkcs12 -in cavanaug.p12 -clcerts -out id_rsa
openssl x509 -in id_rsa -pubkey -noout > x
pubkey2ssh x comment > id_rsa.pub

Id love to just be able to do something directly with ssh-keygen

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2010-Jun-28 04:23 UTC

head link

[Bug 1749] ssh-keygen cant "import" a generic x509 rsa public key

https://bugzilla.mindrot.org/show_bug.cgi?id=1749

--- Comment #1 from Damien Miller <djm at mindrot.org>  ---
Created attachment 1888
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1888
/home/djm/keygen-formats.diff

Teach ssh-keygen PEM and PEM+ASN1 key formats for import and export

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2010-Jun-29 23:15 UTC

head link

[Bug 1749] ssh-keygen cant "import" a generic x509 rsa public key

https://bugzilla.mindrot.org/show_bug.cgi?id=1749

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org>  ---
A revised version of the above patch has been applied and will be in
OpenSSH-5.6. Thanks!

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2011-Jan-24 01:34 UTC

head link

[Bug 1749] ssh-keygen cant "import" a generic x509 rsa public key

https://bugzilla.mindrot.org/show_bug.cgi?id=1749

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-01-24 12:34:06
EST ---
Move resolved bugs to CLOSED after 5.7 release

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

Seemingly Similar Threads

Search for more seemingly similar threads

openssh bugs - Apr 2010 - [Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key

[Bug 1749] New: ssh-keygen cant "import" a generic x509 rsa public key

[Bug 1749] ssh-keygen cant "import" a generic x509 rsa public key

[Bug 1749] ssh-keygen cant "import" a generic x509 rsa public key

[Bug 1749] ssh-keygen cant "import" a generic x509 rsa public key

Seemingly Similar Threads