Hello, I have the following problem: I want to use publickey authentication by using the publickey of a x509 certificate stored on a java card. I can already extract the publickey of the certificate and write it into a file. The problem i have is that i don't know how to convert the certificate's publickey into an rsa publickey format that openssh will accept. Does anybody have a hint for me? Thank you in advance, tawi
Tanja Wittke wrote:> Hello, > > I have the following problem: I want to use publickey authentication by > using the publickey of a x509 certificate stored on a java card. I can > already extract the publickey of the certificate and write it into a > file. The problem i have is that i don't know how to convert the > certificate's publickey into an rsa publickey format that openssh will > accept.You will need the private key if you want to do ssh authentication too, this isn't contained in the certificate. Most smartcards are configured not to allow extraction of the private key. The public key is easy to extract: $ openssl x509 -pubkey -noout -in newcert.pem -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiax2Tn3aXOVOqSw5EP+Hc+Euy hyfm5XxYFFhCI8KOw9UcUZ5uaZ4u+hca8DlM6vrP4GnU1f8RQK77D/uLRrwGb+5k X0In4/sbSipOG3mxnPN9LC5gS06t1JSbOwhWbGECtWwbYCz0XF/HsFf5gP06Sexa aYMN/isaJQjBSXBECQIDAQAB -----END PUBLIC KEY----- (this assumes your certificate is PEM encoded) -d
On Fri, Jul 09, 2004 at 10:58:05AM -0400, Paul Myers wrote:> An SSH RSA1 Key looks like the one you describe as used in SSH1 for example. > > An SSH RSA Key looks like the one extracted I believe. > > Please correct me if I am wrong...Sorry, but using ssh-keygen -t rsa -f <filename> creates the following (test) pubkey for ssh2: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAuaJIafCnHyrItU1PGBwdPrdh8lUcHYmw YtnYnXIcm+Oaf+5uNBAfPbcKWVe8SyJDW3Y5WigB4rMswHzYr8mzwT6fgsmbw9u2il26 IlaIiesbwmuEjJ76u5uGAHiI6zI8Dts079wPMPJzo+ks8LYKFZZiPKs8+Myom+7BVs8D Vrc= blablubb (Well, in one line of course, i just inserted line breaks for the mail). Using ssh-keygen -t rsa1 -f <filename> creates keys in RSA1 for SSH1 which look different. My problem is that openssh keys are different from the key structure explained in draft-ietf-secsh-transport. And the only information i have found so far is "openssh keys use a different format". But not, which one... I know that the key consists of a header, a base64 encoded key blob and a comment. But my key blob still seems to be broken, that's why I asked here. - tawi
Seemingly Similar Threads
- Permission denied (publickey,password,keyboard-interactive)
- virt-manager / ssh (publickey)
- [Bug 300] New: publickey authentication logged as hotsbased authentication
- [Bug 300] publickey authentication logged as hotsbased authentication
- [Bug 29] ssh with publickey authentication to AIX system fails with NFS mounted home directory