Hello all,

I am using the libcrypto library of OpenSSL with OpenSSH for crypto code.
This mail is to discuss a strange behaviour that I encountered with RSA-1
key generation in OpenSSL with OpenSSH-3.7.1p2, particularly with version
OpenSSL-0.9.7d.

OpenSSH uses the following [a few are listed] APIs from libcrypto for key
generation and other crypto needs.
BN_new( )
BN_mod( )
BN_sub( )
BN_hex2bn( )
BN_num_bits( )
BN_num_bytes( )
RSA_public_encrypt( )
RSA_private_decrypt( )
arc4random( )

Problem
======
OpenSSL-0.9.7d is compiled [with optimization +01] to get libcrypto.a. Now,
this library is linked with OpenSSH-3.7.1p2, and when an RSA1 key is
generated by the SSH program ssh-keygen,

# ssh-keygen -b 1024 -t rsa1 -f /.ssh/identity

The key thus created [in /.ssh/identity.pub], looks like:
1024 0 000000000100.............

Please note that this key is invalid. This problem is particularly with
the OpenSSL-0.9.7d version, and this can be reproduced with other older and
latest versions of OpenSSH.

I have done the key generation test with OpenSSL and I was not able to see
any error.
With OpenSSL-0.9.7d
# openssl genrsa >tmpkey
Generating RSA private key, 512 bit long modulus
..++++++++++++
..++++++++++++
e is 65537 (0x10001)
# openssl rsa -check -noout <tmpkey
RSA key ok
# openssl rsa -modulus -noout <tmpkey
Modulus=E047CFA5C1F2A28AC4534A2C0004861D1591EDF7C06A6EF60B057EE6E8D70FB6FA3CABE9D7F0AF8DBDB18AA458756A0154845F070E4734063BC28801EAA28D31

Also, I ran "make test" of OpenSSL and there were no errors in that. But
when I used this library [libcrypto.a], SSH-1 [that uses the RSA1 key]
failed.
But the RSA and DSA keys, and thereby the SSH-2 protocol that uses these keys,
work well.

More details about the hardware and the OS versions:
=======================================
Hardware : IPF 64 bit machine [Itanium] as well as PA-RISC
OS Version : HP-UX 11.23 [also reproduced on 11.0, 11.11]
Compiler used : HP C compiler
Optimization level : +01, and also +03 used but no impact on this error and
the error still exists.

I am looking to upgrade the OpenSSL version from 0.9.7c to 0.9.7d to be used
with OpenSSH, but this issue has stopped me from progressing further in
upgrading. Kindly let me know where the error is?

Thanks in advance,
Murugesan
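
A sanity check for the kind of identity.pub line shown in the post, as an added example that is not part of the original message or of OpenSSH/OpenSSL code. It assumes the SSH-1 public key line layout `bits exponent modulus [comment]` with decimal fields; the function name and both sample lines are constructed for illustration.

```python
import re

DECIMAL = re.compile(r"[0-9]+")

def check_rsa1_pubkey_line(line):
    """Return a list of problems; an empty list means the line is structurally sane."""
    fields = line.split(None, 3)
    if len(fields) < 3:
        return ["expected at least 3 fields: bits exponent modulus"]
    bits_s, e_s, n_s = fields[:3]
    if not all(DECIMAL.fullmatch(f) for f in (bits_s, e_s, n_s)):
        return ["bits, exponent and modulus must be decimal integers"]
    bits, e, n = int(bits_s), int(e_s), int(n_s)
    problems = []
    # A usable RSA public exponent is odd and at least 3.
    if e < 3 or e % 2 == 0:
        problems.append("public exponent %d is not an odd integer >= 3" % e)
    # A decimal bignum is never printed with zero padding.
    if len(n_s) > 1 and n_s.startswith("0"):
        problems.append("modulus has leading zeros")
    # The declared size must match the actual size of the modulus.
    if n.bit_length() != bits:
        problems.append("modulus is %d bits, header says %d" % (n.bit_length(), bits))
    # A product of two odd primes is odd.
    if n % 2 == 0:
        problems.append("modulus is even")
    return problems

# Constructed sample with the same shape as the broken line in the post
# (the post's own value is truncated, so this is not that key).
BAD_LINE = "1024 0 000000000100"
# Constructed, structurally well-formed line; the modulus is not a real RSA key.
GOOD_LINE = "1024 65537 %d user@example" % ((1 << 1023) | 1)

if __name__ == "__main__":
    for name, line in (("bad", BAD_LINE), ("good", GOOD_LINE)):
        found = check_rsa1_pubkey_line(line)
        print(name, "->", found if found else "no structural problems")
```

These checks are structural only; passing them does not show that the modulus is a product of two primes.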


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List