Re: X509 certificates with ssh

From: Julie Bielski (JBIELSKI1_at_nc.rr.com)
Date: 10/25/03

    Date: Sat, 25 Oct 2003 01:37:34 GMT
    
    

    Timo,

    Thanks for your response. My bigger problem turned out to be the private key
    rather than the public key. The keytool utility does not allow you to
    extract the private key from its Java Key Store file (.keystore). Without
    the private key, there's no way to authenticate. So I just decided to use
    separate keys for signing vs. authentication. I'll use the keys I created
    with keytool for signing, and my id_dsa/id_dsa.pub keys for authentication
    with ssh.

    J.

    "Timo Felbinger" <Timo.Felbinger@quantum.physik.uni-potsdam.de> wrote in message
    news:Pine.LNX.4.58.0310221740220.1821@uranos.quantum.physik.uni-potsdam.de...
    >
    >
    > On Wed, 22 Oct 2003, Julie Bielski wrote:
    >
    > > I created a DSA keypair using the 'keytool -genkey' utility that comes with
    > > the java SDK and exported it to an X509 certificate file using the
    > > 'keytool -export' command. I'd like to use the public key with ssh so that I
    > > can authenticate to an account I have on another system. The remote system
    > > is running RedHat 8, which I think uses OpenSSH.
    > > I read somewhere that X509 certificates are not yet supported by SSH. Is
    > > there a way I can transform my *.cer file into a *.pub file?
    > >
    >
    > Funny, I am trying to do almost the same thing (however, I am
    > using RSA keys, created with "openssl rsagen" and converted into
    > a certificate using "openssl req" and "openssl ca").
    >
    > Like you, I did not find a canonical way to extract a public key
    > in OpenSSH format from certificates, so I wrote a small tool which
    > works for me:
    > http://www.timof.qipc.org/x509toOpenSSH.c
    >
    > Use it at your own risk. Currently, it only works for RSA keys,
    > but it should not be hard to implement DSA, too.
    >
    > Regards,
    >
    > Timo Felbinger
    >
    >
    > --
    > Timo Felbinger <Timo.Felbinger@physik.uni-potsdam.de>
    > Quantum Physics Group http://www.quantum.physik.uni-potsdam.de
    > Institut fuer Physik Tel: +49 331 977 1793 Fax: -1767
    > Universitaet Potsdam, Germany
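
The conversion discussed in this thread (taking the RSA public key out of an X.509 certificate and re-encoding it as an OpenSSH `ssh-rsa` line), as an added example that is not part of the original posts and is not the x509toOpenSSH.c tool linked above. The function names and the toy certificate are constructed for illustration, and the input is assumed to be DER bytes rather than PEM.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1 (rsaEncryption)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next k bytes hold the length
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def children(buf, start, end):              # child elements of a constructed value
    out = []
    while start < end:
        tag, s, e = read_tlv(buf, start)
        out.append((tag, s, e))
        start = e
    return out

def ssh_string(b):
    return len(b).to_bytes(4, "big") + b    # RFC 4251 string: uint32 length + bytes

def cert_to_openssh(der, comment=""):
    """Build an authorized_keys line from the RSA key in a DER X.509 certificate."""
    _, s, e = read_tlv(der, 0)                            # Certificate
    _, s, e = read_tlv(der, s)                            # tbsCertificate
    fields = children(der, s, e)
    spki = fields[6 if fields[0][0] == 0xA0 else 5]       # [0] version is optional
    alg, key = children(der, spki[1], spki[2])
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != RSA_OID:
        raise ValueError("only RSA keys are handled here")
    _, s, e = read_tlv(der, key[1] + 1)                   # skip BIT STRING unused-bits octet
    n, exp = children(der, s, e)                          # RSAPublicKey ::= SEQUENCE { n, e }
    # DER INTEGER bytes are already minimal two's complement, as an SSH mpint requires
    blob = ssh_string(b"ssh-rsa") + ssh_string(der[exp[1]:exp[2]]) + ssh_string(der[n[1]:n[2]])
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

def tlv(tag, body):                         # builder for the constructed sample below
    return bytes([tag, len(body)]) + body   # short-form lengths only (< 128 bytes)

# Constructed sample: certificate-shaped DER with a toy 64-bit modulus and no real signature.
SAMPLE_KEY = tlv(0x30, tlv(0x02, bytes.fromhex("00c53f8a1d2b7e9041")) + tlv(0x02, b"\x01\x00\x01"))
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + SAMPLE_KEY))
SAMPLE_TBS = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + SAMPLE_SPKI)
SAMPLE_CERT = tlv(0x30, SAMPLE_TBS + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

The certificate's signature, issuer and validity period are not checked here; the resulting line carries only the bare key, so trust in it comes from where the `authorized_keys` entry is placed, not from the certificate.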

