> From: owner-openssl-us...@openssl.org On Behalf Of loodafan
> Sent: Wednesday, 27 May, 2009 06:59

> I have a question regarding conversion of a SSH2 key to
> either a pem or der file.
> Is this possible only using OpenSSL? Or do I first need to
> convert the SSH2 key to something else before I can convert
> it to pem/der?

OpenSSL AFAIK doesn't support either the 'commercial' (RFC4716) format you quoted or the OpenSSH 'native' PUBLICKEY format. (Both use base64 of a series of 4-byte-length + data fields, see 4253; 4716 then wraps this in NEARLY but not quite PEM, 'native' makes each entry a text line with some added fields.)

If you are using OpenSSH on the SSH side or can, it DOES use OpenSSL format for the PRIVATEKEY files, conventionally id_rsa or id_dsa; I don't know about the commercial versions. If you are the keyholder or the keyholder is cooperative, you/they can extract the public key into a similarly OpenSSL-compatible PEM or DER file with {rsa,dsa} -pubout (though the latter is missing from the helpmsg).

Otherwise, you can take the body part of your SSH public file and base64 decode it (openssl enc -a -d can do this, and so can lots of other programs, base64 is quite common); then extract the fields (label, e, n for RSA; label, p, q, g, y for DSA) and re-pack them into an appropriate PublicKeyInfo DER (and if desired wrap as PEM) for OpenSSL. I'd guess this is about 20 lines of glitzless perl, maybe 100 lines or so of C. You may get away with a lazy BER-but-not-DER encoding; I think OpenSSL will still read it without complaining.

It's quite possible that someone has already done this, but I wouldn't know where to look.
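The decode-and-repack route described in the reply above, worked through for RSA in Python as an added example (not code from the original message or from OpenSSL). The function names and the sample key with toy modulus 3233 are constructed for illustration; the blob layout (label, e, n as 4-byte-length + data fields) is the one the reply cites from RFC 4253, and the output is strict DER rather than the lazy BER the reply mentions.

```python
import base64, struct, textwrap

RSA_ALGID = bytes.fromhex("300d06092a864886f70d0101010500")  # SEQUENCE { OID rsaEncryption, NULL }

def read_fields(blob):
    """Split an RFC 4253 blob into its 4-byte-length + data fields."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[off:off + 4])
        off += 4
        if off + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[off:off + size])
        off += size
    return fields

def der(tag, body):
    """Tag + definite length (short or long form) + body."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else (
        bytes([0x80 | (n.bit_length() + 7) // 8]) + n.to_bytes((n.bit_length() + 7) // 8, "big"))
    return bytes([tag]) + length + body

def der_uint(mpint):
    """Re-encode a non-negative SSH mpint as a minimal DER INTEGER."""
    if mpint and mpint[0] & 0x80:
        raise ValueError("negative mpint in public key")
    v = int.from_bytes(mpint, "big")
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def ssh_rsa_to_spki(line):
    """OpenSSH 'ssh-rsa <base64> [comment]' line -> SubjectPublicKeyInfo DER."""
    keytype, b64 = line.split()[:2]
    label, e, n = read_fields(base64.b64decode(b64, validate=True))
    if keytype != "ssh-rsa" or label != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    rsa_pub = der(0x30, der_uint(n) + der_uint(e))      # RSAPublicKey: n, then e
    return der(0x30, RSA_ALGID + der(0x03, b"\x00" + rsa_pub))

def to_pem(spki):
    body = "\n".join(textwrap.wrap(base64.b64encode(spki).decode(), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# Constructed sample: toy modulus 3233, e = 65537 (illustration only, not a usable key).
_f = lambda b: struct.pack(">I", len(b)) + b
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(
    _f(b"ssh-rsa") + _f(b"\x01\x00\x01") + _f(b"\x0c\xa1")).decode() + " constructed@example"
```

The string returned by `to_pem(ssh_rsa_to_spki(line))` is the `PUBLIC KEY` PEM form that `openssl rsa -pubin` reads.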