LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   RSA to PKCS (https://www.linuxquestions.org/questions/linux-security-4/rsa-to-pkcs-733942/)

eantoranz 06-18-2009 12:03 PM
RSA to PKCS
 
Hi!

I'm trying to set up a public RSA key on a router. Now, in the instructions, it says that I need to encode the public key to PKCS. It says I can use sshkey.exe, but i refuse to use something on windows.... even more, I expect to learn how to do it on GNU/Linux. How can I do it?

Thanks in advance

anomie 06-20-2009 01:52 PM
Check the rsa(1) manpages. It looks like you could probably use:

$ openssl rsa -outform DER -in key.here -out new.key.here

I have not tested that. It might require some more investigation and some tweaking.

-------

edit: Also check the pkcs8(1) manpages...

eantoranz 06-30-2009 02:01 PM
Anomie, thanks for your reply. I retook this problem. See, when i try to generate the pkcs from the private key, it works. However, when i try with the private key, it complains. See:

Code:
$ openssl rsa -outform DER -in id_rsa -out id_rsa.priv.pkcs
writing RSA key
$ openssl rsa -pubin -outform DER -in id_rsa.pub -out id_rsa.pub.pkcs
unable to load Public Key
11146:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: PUBLIC KEY
Both files (id_rsa and id_rsa.pub) where generated in a single ssh-keygen execution. Any idea what I'm missing?

eantoranz 06-30-2009 02:12 PM
I think I got it. I have to use the private key as input and tell it to put out the public key:

Code:
$ openssl rsa -outform DER -pubout -in id_rsa -out id_rsa.pub.pkcs
writing RSA key

Air512 07-08-2016 03:00 AM
I know it's a very old question but it might save others time.

These days I've stumbled on the same issue by configuring a Huawei equipment and their manual was suggesting to use the same sshkey.exe dubious tool. After a bit of struggle here is the command line, as issued from my Ubuntu 14.04, for converting a regular 2048 bit rsa ssh public key into the very same format, as displayed by that tool:

$ ssh-keygen -ef id_rsa.pub -m PEM | openssl rsa -RSAPublicKey_in -outform DER | hexdump -v -e '4/1 "%02X " "\n"' | awk '{printf("%s%s%s%s ", $1, $2, $3, $4); if(!(NR%6)) print "";}; END {print ""}' | tail -n +2

If curious, here are some explanations:
- "ssh-keygen -ef id_rsa.pub -m PEM": converts the id_rsa.pub ssh public key to PEM format (i.e. -----BEGIN RSA PUBLIC KEY-----
<base64_encoded_key>
-----END RSA PUBLIC KEY-----)

- openssl rsa -RSAPublicKey_in -outform DER: convert it into DER format. It's a binary format so it's difficult to show any insights here

- hexdump -v -e '4/1 "%02X " "\n"': display it in hexadecimal, four bytes per row. The hexdump utility has the ability to group the data by dwords but since my system is little-endian it swaps the bytes order and I couldn't find any way to change its endianess

- awk '{printf("%s%s%s%s ", $1, $2, $3, $4); if(!(NR%6)) print "";}; END {print ""}': print the data as six big-endian dwords per row, similar with the sshkey.exe tool

- tail -n +2: drop the first line. I'm not sure what that line represents. It looks like a smaller ASN.1 encoded structure. Anyway, the Huawei equipment was happy with the format and it successfully matched my private key when logged in via ssh.

It hope it helps!

maddoxx.alex 07-14-2017 04:55 PM
Quote:
Originally Posted by Air512 (Post 5572377)
I know it's a very old question but it might save others time.
These days I've stumbled on the same issue by configuring a Huawei equipment and their manual was suggesting to use the same sshkey.exe dubious tool.
Many thanks. You are a genius!


All times are GMT -5. The time now is 04:26 PM.