RSA to PKCS
Hi!
I'm trying to set up a public RSA key on a router. Now, in the instructions, it says that I need to encode the public key to PKCS. It says I can use sshkey.exe, but i refuse to use something on windows.... even more, I expect to learn how to do it on GNU/Linux. How can I do it? Thanks in advance |
Check the rsa(1) manpages. It looks like you could probably use:
$ openssl rsa -outform DER -in key.here -out new.key.here I have not tested that. It might require some more investigation and some tweaking. ------- edit: Also check the pkcs8(1) manpages... |
Anomie, thanks for your reply. I retook this problem. See, when i try to generate the pkcs from the private key, it works. However, when i try with the private key, it complains. See:
Code:
$ openssl rsa -outform DER -in id_rsa -out id_rsa.priv.pkcs |
I think I got it. I have to use the private key as input and tell it to put out the public key:
Code:
$ openssl rsa -outform DER -pubout -in id_rsa -out id_rsa.pub.pkcs |
I know it's a very old question but it might save others time.
These days I've stumbled on the same issue by configuring a Huawei equipment and their manual was suggesting to use the same sshkey.exe dubious tool. After a bit of struggle here is the command line, as issued from my Ubuntu 14.04, for converting a regular 2048 bit rsa ssh public key into the very same format, as displayed by that tool: $ ssh-keygen -ef id_rsa.pub -m PEM | openssl rsa -RSAPublicKey_in -outform DER | hexdump -v -e '4/1 "%02X " "\n"' | awk '{printf("%s%s%s%s ", $1, $2, $3, $4); if(!(NR%6)) print "";}; END {print ""}' | tail -n +2 If curious, here are some explanations: - "ssh-keygen -ef id_rsa.pub -m PEM": converts the id_rsa.pub ssh public key to PEM format (i.e. -----BEGIN RSA PUBLIC KEY----- <base64_encoded_key> -----END RSA PUBLIC KEY-----) - openssl rsa -RSAPublicKey_in -outform DER: convert it into DER format. It's a binary format so it's difficult to show any insights here - hexdump -v -e '4/1 "%02X " "\n"': display it in hexadecimal, four bytes per row. The hexdump utility has the ability to group the data by dwords but since my system is little-endian it swaps the bytes order and I couldn't find any way to change its endianess - awk '{printf("%s%s%s%s ", $1, $2, $3, $4); if(!(NR%6)) print "";}; END {print ""}': print the data as six big-endian dwords per row, similar with the sshkey.exe tool - tail -n +2: drop the first line. I'm not sure what that line represents. It looks like a smaller ASN.1 encoded structure. Anyway, the Huawei equipment was happy with the format and it successfully matched my private key when logged in via ssh. It hope it helps! |
Quote:
|
All times are GMT -5. The time now is 12:15 AM. |