Re: How to use publickey from x509 certificate?

From: Damien Miller (djm_at_mindrot.org)
Date: 07/08/04

  • Next message: Lauri Bettencourt: "openssh-3.8.1p1 & Solaris 8 Installation Issue"
    Date: Thu, 08 Jul 2004 22:19:42 +1000
    To: Tanja Wittke <tawi@gruft.de>
    
    

    Tanja Wittke wrote:
    > Hello,
    >
    > I have the following problem: I want to use publickey authentication by
    > using the publickey of a x509 certificate stored on a java card. I can
    > already extract the publickey of the certificate and write it into a
    > file. The problem i have is that i don't know how to convert the
    > certificate's publickey into an rsa publickey format that openssh will
    > accept.

    You will need the private key if you want to do ssh authentication too,
    this isn't contained in the certificate. Most smartcards are configured
    not to allow extraction of the private key.

    The public key is easy to extract:

    $ openssl x509 -pubkey -noout -in newcert.pem
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiax2Tn3aXOVOqSw5EP+Hc+Euy
    hyfm5XxYFFhCI8KOw9UcUZ5uaZ4u+hca8DlM6vrP4GnU1f8RQK77D/uLRrwGb+5k
    X0In4/sbSipOG3mxnPN9LC5gS06t1JSbOwhWbGECtWwbYCz0XF/HsFf5gP06Sexa
    aYMN/isaJQjBSXBECQIDAQAB
    -----END PUBLIC KEY-----

    (this assumes your certificate is PEM encoded)

    -d


  • Next message: Lauri Bettencourt: "openssh-3.8.1p1 & Solaris 8 Installation Issue"