Jameson "Chema" Quinn wrote:
I have a public key in the following format:

ssh-dss [base64-encoded key blob]

that is, "ssh-dss " followed by a base64-encoded blob which has the following five values, each preceded by their length in bytes:
  * "ssh-dss" (again, this time no space)
  * the four integers that DSS uses (p, q, g, y).

This is the format outputted by:
  ssh-keygen -q -t dsa -f %s -C '' -N ''
(Actually, this is the command used by the Sugar environment for OLPC to make keys; I am trying to use these keys for signatures. Certainly this seems to be a pretty standard way to make a key.)

If I try
  openssl dgst -dss1 -verify ...
with this key, I get the message "unable to load key file"

Is there any way for me to convert this to a valid key format? If not, is it possible that openssl might/should gain the capability to read this format? I can even make an attempt to write this into openssl myself, but it has been some time since I wrote C and I would really appreciate some pointers from somebody who knows the code as to where I need to change it.

Thanks,
Jameson


Well, the key is in SSH format; have you tried any of the ssh utilities? Say, does 'ssh-keygen -e' do what you're looking for?

If you want to write C code to convert the key, the format is described in RFC 4253, and you might want to look at the EVP_PKEY_* functions and load_pubkey() in apps/apps.c (and maybe PEM_read_bio_PUBKEY() for reference).


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
