
List:       openssh-bugs
Subject:    [Bug 2947] ssh-keygen generated keys are not read in by openssl
From:       bugzilla-daemon () bugzilla ! mindrot ! org
Date:       2018-12-19 15:45:42
Message-ID: bug-2947-705-CzgMI9nui2 () https ! bugzilla ! mindrot ! org/

https://bugzilla.mindrot.org/show_bug.cgi?id=2947

--- Comment #2 from Thomas Schweikle <tschweikle@gmail.com> ---
It should not matter in which format I wrote the keys out, since the
private key is in all cases written in more or less PEM format.

Importing some ssh-keygen generated private key this way should work
out of the box. But it does not. Interestingly if I generate the key
pair using openssl I can import this key and use it together with ssh!
Even ssh-keygen accepts this key and exports an ssh-format public key
from it.

So what does ssh-keygen do differently from openssl while writing a key out?
The private key written by ssh-keygen is only usable by ssh-keygen,
while the private key written by openssl is usable by both: ssh-keygen
and openssl!

# openssl genpkey -algorithm RSA -out id_rsa.key -pkeyopt rsa_keygen_bits:2048 && chmod 0600 id_rsa.key
# openssl rsa -pubout -in id_rsa.key -out id_rsa.pem && chmod 0600 id_rsa.pem
# cp id_rsa.key id_rsa
# ssh-keygen -y -f id_rsa > id_rsa.pub

but

# ssh-keygen -t rsa -b 2048 -N "" -C "" -f id_rsa
# openssl rsa -pubout -in id_rsa.key -out id_rsa.pem

Creates a key openssl chokes on:
unable to load Private Key
140028946031680:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Visually there is no difference with these files (except for the key).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
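
The following is an added example, not part of the original message or of OpenSSH/OpenSSL: a check of which container a private-key file uses, since OpenSSH's own format carries the PEM label `OPENSSH PRIVATE KEY` and an `openssh-key-v1` body instead of ASN.1 DER. The function names and the two header-only sample files are constructed for illustration and contain no key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # fixed prefix of OpenSSH's own private-key container

def _s(b):
    """Encode one SSH wire-format string (uint32 big-endian length + bytes)."""
    return struct.pack(">I", len(b)) + b

def _read_string(buf, off):
    """Decode one SSH wire-format string starting at off; return (bytes, new_off)."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n

def classify_private_key(text):
    """Return (pem_label, detail) for the first PEM-armoured block in text."""
    lines = [l.strip() for l in text.strip().splitlines()]
    begin = next((l for l in lines if l.startswith("-----BEGIN ") and l.endswith("-----")), None)
    if begin is None:
        return None, "no PEM start line"
    label = begin[len("-----BEGIN "):-len("-----")]
    if label != "OPENSSH PRIVATE KEY":
        return label, "not the openssh-key-v1 container"
    start = lines.index(begin) + 1
    end = lines.index("-----END OPENSSH PRIVATE KEY-----")
    blob = base64.b64decode("".join(lines[start:end]))
    if not blob.startswith(MAGIC):
        raise ValueError("OPENSSH label without openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    return label, "openssh-key-v1, cipher=%s, kdf=%s" % (cipher.decode(), kdf.decode())

# Constructed samples: container headers only, no real key inside.
_blob = MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
SAMPLE_OPENSSH = (
    "-----BEGIN OPENSSH PRIVATE KEY-----\n"
    + base64.b64encode(_blob).decode()
    + "\n-----END OPENSSH PRIVATE KEY-----\n"
)
SAMPLE_PKCS8 = "-----BEGIN PRIVATE KEY-----\nMAA=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, sample in (("openssh", SAMPLE_OPENSSH), ("pkcs8", SAMPLE_PKCS8)):
        print(name, classify_private_key(sample))
```

To check a real file, pass its contents to `classify_private_key()`; ssh-keygen's `-m PEM` option writes the legacy PEM form.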