LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-18-2009, 12:03 PM   #1
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,058
Blog Entries: 1

Rep: Reputation: 90
Question RSA to PKCS


Hi!

I'm trying to set up a public RSA key on a router. Now, in the instructions, it says that I need to encode the public key to PKCS. It says I can use sshkey.exe, but i refuse to use something on windows.... even more, I expect to learn how to do it on GNU/Linux. How can I do it?

Thanks in advance
 
Old 06-20-2009, 01:52 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Check the rsa(1) manpages. It looks like you could probably use:

$ openssl rsa -outform DER -in key.here -out new.key.here

I have not tested that. It might require some more investigation and some tweaking.

-------

edit: Also check the pkcs8(1) manpages...

Last edited by anomie; 06-20-2009 at 01:54 PM.
 
Old 06-30-2009, 02:01 PM   #3
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,058
Blog Entries: 1

Original Poster
Rep: Reputation: 90
Anomie, thanks for your reply. I retook this problem. See, when i try to generate the pkcs from the private key, it works. However, when i try with the private key, it complains. See:

Code:
$ openssl rsa -outform DER -in id_rsa -out id_rsa.priv.pkcs
writing RSA key
$ openssl rsa -pubin -outform DER -in id_rsa.pub -out id_rsa.pub.pkcs
unable to load Public Key
11146:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: PUBLIC KEY
Both files (id_rsa and id_rsa.pub) where generated in a single ssh-keygen execution. Any idea what I'm missing?
 
Old 06-30-2009, 02:12 PM   #4
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Costa Rica
Distribution: Kubuntu, Debian, Knoppix
Posts: 2,058
Blog Entries: 1

Original Poster
Rep: Reputation: 90
I think I got it. I have to use the private key as input and tell it to put out the public key:

Code:
$ openssl rsa -outform DER -pubout -in id_rsa -out id_rsa.pub.pkcs
writing RSA key

Last edited by eantoranz; 06-30-2009 at 03:30 PM. Reason: typo
 
Old 07-08-2016, 03:00 AM   #5
Air512
LQ Newbie
 
Registered: Jul 2016
Posts: 1

Rep: Reputation: Disabled
I know it's a very old question but it might save others time.

These days I've stumbled on the same issue by configuring a Huawei equipment and their manual was suggesting to use the same sshkey.exe dubious tool. After a bit of struggle here is the command line, as issued from my Ubuntu 14.04, for converting a regular 2048 bit rsa ssh public key into the very same format, as displayed by that tool:

$ ssh-keygen -ef id_rsa.pub -m PEM | openssl rsa -RSAPublicKey_in -outform DER | hexdump -v -e '4/1 "%02X " "\n"' | awk '{printf("%s%s%s%s ", $1, $2, $3, $4); if(!(NR%6)) print "";}; END {print ""}' | tail -n +2

If curious, here are some explanations:
- "ssh-keygen -ef id_rsa.pub -m PEM": converts the id_rsa.pub ssh public key to PEM format (i.e. -----BEGIN RSA PUBLIC KEY-----
<base64_encoded_key>
-----END RSA PUBLIC KEY-----)

- openssl rsa -RSAPublicKey_in -outform DER: convert it into DER format. It's a binary format so it's difficult to show any insights here

- hexdump -v -e '4/1 "%02X " "\n"': display it in hexadecimal, four bytes per row. The hexdump utility has the ability to group the data by dwords but since my system is little-endian it swaps the bytes order and I couldn't find any way to change its endianess

- awk '{printf("%s%s%s%s ", $1, $2, $3, $4); if(!(NR%6)) print "";}; END {print ""}': print the data as six big-endian dwords per row, similar with the sshkey.exe tool

- tail -n +2: drop the first line. I'm not sure what that line represents. It looks like a smaller ASN.1 encoded structure. Anyway, the Huawei equipment was happy with the format and it successfully matched my private key when logged in via ssh.

It hope it helps!
 
1 members found this post helpful.
  


Reply

Tags
keys, rsa


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
evolution pkcs#12 Lobais Linux - Software 2 10-02-2006 08:09 AM
Which is easier to install on Linux PGP, x.509/PKCS, SAML, or SSO Web Services sdonohue Linux - Software 2 09-26-2006 04:12 PM
how to GENERATE A PKCS #10 certificate USING RED HAT 7.3 cesemj Linux - Security 1 02-03-2006 03:12 PM
HOW TO GENERATE A PKCS #10 certificate USING RED HAT 7.3 cesemj Linux - General 1 02-03-2006 02:28 PM


All times are GMT -5. The time now is 02:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration