[Cryptography Team] Reading ssh pub/private keys

Bert Freudenberg bert at freudenbergs.de
Fri Mar 30 11:04:02 UTC 2007


FYI, attached is my simple DSA key reader. It does not use the Crypto  
package. Sorry, we are space-constrained on the OLPC -- mine is about  
30 lines of code including ASN.1 decoding. It helps a lot if you know  
precisely what to expect ;)

I also attached a test key, it was generated with

	ssh-keygen -t dsa -f test.key

So thanks anyway, you pointed me in the right direction and  
starting from a working example was a great help!

- Bert -

On Mar 30, 2007, at 11:36 , Bert Freudenberg wrote:

> Hi Rob,
>
> turns out the private key file has the public part in it, too, it  
> stores (0, p, q, g, y, x). DSAPrivateKeyFileReader assumes some  
> more fields whereas my key just has the blob data in it, and it is  
> not encrypted by a passphrase. Using the ASN.1 reader on my blob  
> worked fine, though.
>
> Thanks a lot!
>
> - Bert -
>
> On Mar 29, 2007, at 15:33 , Robert Withers wrote:
>
>> Bert, they are indeed Base64 encoded.  For starters, you can try:
>>
>> 	(DSAPrivateKeyFileReader fromFile: privateKeyFileName) asPrivateKey
>>
>> I am not sure about the publicKey, but you could try the same
>> reader code.  Internally, it strips off the PEM markings
>> (-----BEGIN DSA... and so on), then does a Base64 decode and leaves
>> you with bytes.  The #asPrivateKey will take those bytes and do an
>> ASN.1 decode on them.  My point is that the PublicKey may also be
>> ASN.1 encoded, so you may find some traction here.
>>
>> Let me know how it goes.
>>
>> Are you implementing SSH?!
>>
>> cheers,
>> Robert
>>
>> On Mar 29, 2007, at 6:23 AM, Bert Freudenberg wrote:
>>
>>> Hi folks,
>>>
>>> I have an ssh-format keypair and would like to extract the  
>>> (p,q,g,x) and (p,q,g,y) DSA tuples from that. The private key  
>>> looks like this:
>>>
>>> -----BEGIN DSA PRIVATE KEY-----
>>> MIIBuwIB..............XCIa3cIp
>>> -----END DSA PRIVATE KEY-----
>>>
>>> and the public key:
>>>
>>> ssh-dss AAAAB3NzaC1k.........nNEnWCasjXraVA==
>>>
>>> So this looks like Base64-encoded numbers, but how are they  
>>> encoded? The only reference I found was this:
>>>
>>> http://www.openssh.com/txt/draft-ietf-secsh-publickeyfile-02.txt
>>>
>>> But it does not detail how the "binary blob" translates to DSA  
>>> tuples.
>>>
>>> - Bert -
>>>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: loadOLPCKeys-bf.1.cs.gz
Type: application/x-gzip
Size: 1155 bytes
Desc: not available
Url : http://lists.squeakfoundation.org/pipermail/cryptography/attachments/20070330/a4e77c02/loadOLPCKeys-bf.1.cs.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.key
Type: application/octet-stream
Size: 672 bytes
Desc: not available
Url : http://lists.squeakfoundation.org/pipermail/cryptography/attachments/20070330/a4e77c02/test.obj
-------------- next part --------------
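
The layout described in the thread (PEM armor, Base64, then one ASN.1 SEQUENCE of INTEGERs holding 0, p, q, g, y, x) can be read with a very small strict DER parser. The following is an added example in Python, not Bert's attached Squeak changeset and not code from the Cryptography package; the function names are hypothetical and the sample key is constructed from toy values (p=23, q=11, g=4, y=18, x=3), not a real key.

```python
import base64

BEGIN, END = "-----BEGIN DSA PRIVATE KEY-----", "-----END DSA PRIVATE KEY-----"

def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form: length fits in 7 bits
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def read_dsa_private_key(pem_text):
    """Return {p, q, g, y, x} from an unencrypted DSA PRIVATE KEY PEM block."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a DSA PRIVATE KEY PEM block")
    body = lines[1:-1]
    if any(":" in l for l in body):        # Proc-Type/DEK-Info headers: passphrase set
        raise ValueError("passphrase-protected key not supported")
    der = base64.b64decode("".join(body), validate=True)
    tag, seq, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):     # exactly one SEQUENCE, nothing after it
        raise ValueError("expected a single SEQUENCE")
    ints, pos = [], 0
    while pos < len(seq):
        tag, val, pos = _read_tlv(seq, pos)
        if tag != 0x02 or not val:         # every field must be a non-empty INTEGER
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big", signed=True))
    if len(ints) != 6 or ints[0] != 0 or min(ints[1:]) <= 0:
        raise ValueError("expected (0, p, q, g, y, x) with positive values")
    return dict(zip(("p", "q", "g", "y", "x"), ints[1:]))

# Constructed toy key, for illustration only.
SAMPLE_DER = bytes.fromhex("3012" "020100" "020117" "02010b" "020104" "020112" "020103")
SAMPLE_PEM = "\n".join([BEGIN, base64.b64encode(SAMPLE_DER).decode(), END])

if __name__ == "__main__":
    print(read_dsa_private_key(SAMPLE_PEM))
```

The public half is recoverable from the same file because y is stored next to x, and a reader can cross-check the two with y = g^x mod p.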


