Re: How to use publickey from x509 certificate?

From: Damien Miller (djm_at_mindrot.org)
Date: 07/08/04

  • Next message: Lauri Bettencourt: "openssh-3.8.1p1 & Solaris 8 Installation Issue"
    Date: Thu, 08 Jul 2004 22:19:42 +1000
    To: Tanja Wittke <tawi@gruft.de>
    
    

    Tanja Wittke wrote:
    > Hello,
    >
    > I have the following problem: I want to use publickey authentication by
    > using the publickey of a x509 certificate stored on a java card. I can
    > already extract the publickey of the certificate and write it into a
    > file. The problem i have is that i don't know how to convert the
    > certificate's publickey into an rsa publickey format that openssh will
    > accept.

    You will need the private key if you want to do ssh authentication too,
    this isn't contained in the certificate. Most smartcards are configured
    not to allow extraction of the private key.

    The public key is easy to extract:

    $ openssl x509 -pubkey -noout -in newcert.pem
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiax2Tn3aXOVOqSw5EP+Hc+Euy
    hyfm5XxYFFhCI8KOw9UcUZ5uaZ4u+hca8DlM6vrP4GnU1f8RQK77D/uLRrwGb+5k
    X0In4/sbSipOG3mxnPN9LC5gS06t1JSbOwhWbGECtWwbYCz0XF/HsFf5gP06Sexa
    aYMN/isaJQjBSXBECQIDAQAB
    -----END PUBLIC KEY-----

    (this assumes your certificate is PEM encoded)

    -d


  • Next message: Lauri Bettencourt: "openssh-3.8.1p1 & Solaris 8 Installation Issue"

    Relevant Pages

    • Re: Tectia 5 Certificate Authentication
      ... User E - publickey, Certificate only, where the certificate method is ... qualified by selectors requiring a correct pattern match on the user ... including both the normal publickey method and the ...
      (comp.security.ssh)
    • Re: Tectia 5 Certificate Authentication
      ... Yes, I have publickey enabled, with the associated certificate ... selectors in the ssh-server-config.xml file, however I cannot get it to ... publickey or keyboard-interactive or gssapi or certificate/with ...
      (comp.security.ssh)
    • Signature verification from signer´s PKCS7 contained cert
      ... I need to verify a PKCS7 signature against the signer certificate contained ... build a publickey to be used in CryptVerifySignature using the PKCS7 cert.? ...
      (microsoft.public.platformsdk.security)
    • Using Java Cryptography Architecture with OpenSSL
      ... I'm trying to create a RSA Public and Private key using JCA which I ... PublicKey pub = pair.getPublic; ... FileOutputStream privfos = new FileOutputStream ... String encPriStr = new BASE64Encoder.encode; ...
      (comp.lang.java.help)
    • Problem with RSACryptoServiceProvider ( incorrect usage of public-private keys ? )
      ... The problem I am expieriencing is that I _cannot_ decrypt anything with ... And I _can_ decrypt everything with private key that was encrypted with ... EncryptedStrAsByt); ... RSA3.FromXmlString(publicKey); ...
      (microsoft.public.dotnet.security)