Re: Base-64 and key format in general

From: Simon Tatham (anakin@pobox.com)
Date: 02/26/02


From: Simon Tatham <anakin@pobox.com>
Date: 26 Feb 2002 09:28:07 +0000 (GMT)

Scott W Reeve <swr@TheWorld.com> wrote:
> - Are all dsa and rsa keys in base64 format?

SSH2 ones typically are. SSH1 keys have a numeric format for their
public key and a binary format for their private key.

(SSH2 private key formats vary widely between clients. Public key
formats aren't completely uniform either.)

> - Can the type (dsa or rsa) be gleaned from the key itself,
> i.e. just from the base64 characters?

Do you mean you've got an SSH2 public key of the form

  ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIBv+8lkrfkfP2OcwZx...

or perhaps one of the form

  ---- BEGIN SSH2 PUBLIC KEY ----
  Subject: simon
  Comment: "1024-bit rsa, simon@foo, Mon Aug 27 2001 17:59:18 +0100"
  AAAAB3NzaC1yc2EAAAADAQABAAAAgQCUr9r1iMUY7Cy1K9gaJUQt7DjUo8F+8TQDi38dzN
  ...
  ---- END SSH2 PUBLIC KEY ----

and you want to know if the information `ssh-rsa' is encoded inside
the base64 bit as well as outside it?

The answer is yes, it is. If you base64-decode the first bit of that
text (AAAAB3NzaC1yc2EA) you'll find that it starts with bytes 00 00
00 07 (indicating that a 7-character string follows) and then the
seven characters "ssh-rsa", which is the key type. DSA keys start
with the slightly different string `AAAAB3NzaC1kc3MA', which decodes
similarly to the string "ssh-dss".

> - What is this format:
> 1024 35 13346646368<snip many,many characters>055347 <username@isp.com>
> It can't be base64 because it's only digits...

This is an RSA public key in SSH1 format. 1024 is the number of bits
in the modulus; 35 is the modulus; and 1334<etc>5347 is the modulus
itself, in decimal.

-- 
Simon Tatham         "Selfless? I'm so selfless I
<anakin@pobox.com>    don't even know who I am."
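
The decoding described in the post, as an added example that is not part of the original message: it reads the 4-byte length and the key-type string from the start of the base64 blob, for both public key layouts shown above, and rejects a one-line key whose outer label disagrees with the type inside the blob. The function names are hypothetical, and the sample key is constructed from the base64 prefix quoted in the post.

```python
import base64
import struct

def inner_key_type(b64_text: str) -> str:
    """Return the key-type string stored at the start of an SSH2 key blob."""
    b64 = "".join(b64_text.split())
    b64 = b64[: len(b64) - len(b64) % 4]       # a truncated prefix is enough
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short for a length field")
    (n,) = struct.unpack(">I", blob[:4])       # 4-byte big-endian string length
    if n == 0 or n > 64 or len(blob) < 4 + n:  # 64 is an arbitrary sanity bound
        raise ValueError("implausible or truncated key-type string")
    return blob[4 : 4 + n].decode("ascii")

def base64_part(key_text: str) -> tuple:
    """Split either public key layout into (outer label or None, base64 text)."""
    lines = [l.strip() for l in key_text.strip().splitlines() if l.strip()]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, cont = [], False
        for line in lines[1:]:
            if line.startswith("---- END"):
                break
            # Header lines carry a colon, which never occurs in base64.
            is_header = cont or ":" in line
            cont = is_header and line.endswith("\\")  # header continues
            if not is_header:
                body.append(line)
        return None, "".join(body)
    fields = lines[0].split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    return fields[0], fields[1]

def check_key(key_text: str) -> str:
    """Return the inner key type; reject a key whose outer label disagrees."""
    label, b64 = base64_part(key_text)
    inner = inner_key_type(b64)
    if label is not None and label != inner:
        raise ValueError(f"label {label!r} does not match blob type {inner!r}")
    return inner

# Constructed sample: the RSA prefix from the post behind a matching label.
SAMPLE_ONE_LINE = "ssh-rsa AAAAB3NzaC1yc2EA constructed@example"

if __name__ == "__main__":
    print(check_key(SAMPLE_ONE_LINE))
```
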


