Jameson "Chema" Quinn wrote:

    I have a public key in the following format:


    ssh-dss
    

    that is, "ssh-dss " followed by a base64-encoded blob which has the
    following five values, each preceded by their length in bytes:

      *"ssh-dss" (again, this time no space)
      *the four integers that dss uses (p,q,g,y).


Well, this part here is defined in RFC 4253. The other formats used to store them are described across various docs.


...........

I have tried everything I can think of - all combinations of ssh-keygen -if, -ef; openssl dgst -keyform P,S,1,... The problem is that I do not really know what I'm aiming for, as I have no example of signatures working - I can make a signature, but I cannot verify it. As to fixing openssl to read this format natively, I have looked around the code, and am stuck on EVP_PKEY_DSAX - there are 5 versions and I do not know which one to use.
I guess that I will figure that latter problem out eventually, but I really could use a working keypair for comparison. If I could visually compare in order to figure out the problem with ssh-keygen -e I could just keep two copies of the public key for now.

Are you sure that the format is RFC4253? This is the same format as the ssh key, without the -----BEGIN stuff; but when I that stuff manually it does not work.



Well I'm not sure signing/verifying with ssh keys constitutes a valid use-case; maybe you could describe what you want in detail.

In case your problems pertain to dealing with ssh key formats and using them, you may be better off asking this on the openssh list.

[If you just want to programmatically sign/verify using ssh keys that should be easy enough; openssh uses openssl for the cryptographic ops. I gather that you're stuck at making a key structure out of the blob. Take a look at key.c, key.h in the openssh sources]


-jb
--
Real computer scientists don't comment their code.  The identifiers are
so long they can't afford the disk space.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
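
The blob layout described in the quoted message (the string "ssh-dss" followed by p, q, g and y, each preceded by its length), as an added example that is not part of the original thread or of the OpenSSH/OpenSSL sources. The function names are hypothetical and the sample key is built from constructed toy integers, not a usable key; the integers are decoded as RFC 4251 mpints.

```python
import base64
import struct

def read_string(buf, off):
    """Read one length-prefixed field: uint32 big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("field length exceeds blob size")
    return buf[off + 4:end], end

def parse_ssh_dss(line):
    """Parse 'ssh-dss <base64> [comment]' and return {'p','q','g','y'} as ints."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-dss":
        raise ValueError("not an ssh-dss public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = read_string(blob, 0)
    if name != b"ssh-dss":
        raise ValueError("inner key type does not match the outer label")
    key = {}
    for label in ("p", "q", "g", "y"):
        raw, off = read_string(blob, off)
        # mpint (RFC 4251): big-endian two's complement, so a leading 0x00
        # byte appears whenever the top bit of the magnitude is set.
        value = int.from_bytes(raw, "big", signed=True)
        if value <= 0:
            raise ValueError("non-positive integer for " + label)
        key[label] = value
    if off != len(blob):
        raise ValueError("trailing bytes after y")
    return key

def encode_mpint(n):
    """Encode a positive int as an mpint, leaving room for the sign bit."""
    return n.to_bytes(n.bit_length() // 8 + 1, "big")

def make_sample_line(p=227, q=113, g=4, y=116):
    """Build a constructed toy key line (tiny integers, not a usable key)."""
    parts = [b"ssh-dss"] + [encode_mpint(v) for v in (p, q, g, y)]
    blob = b"".join(struct.pack(">I", len(x)) + x for x in parts)
    return "ssh-dss " + base64.b64encode(blob).decode("ascii")

if __name__ == "__main__":
    print(parse_ssh_dss(make_sample_line() + " constructed@example"))
```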
