why base64 for import_key_pair?


Waldemar Kornewald

May 9, 2011, 1:22:08 PM
to boto...@googlegroups.com
Hi,
is there a good reason for not automatically base64-encoding the key within the import_key_pair() method? Why should the caller of the method do it?

Thanks.

Bye,
Waldemar

Mitchell Garnaat

May 9, 2011, 1:25:51 PM
to boto...@googlegroups.com
The ImportKeyPair request accepts keypairs in three different formats:

  • OpenSSH public key format (e.g., the format in ~/.ssh/authorized_keys)

  • Base64 encoded DER format

  • SSH public key file format as specified in RFC4716

So, I don't think we can assume that the input needs to be base64-encoded.

Mitch

Waldemar Kornewald

May 9, 2011, 2:14:55 PM
to boto...@googlegroups.com
On Mon, May 9, 2011 at 7:25 PM, Mitchell Garnaat <mi...@garnaat.com> wrote:
> The ImportKeyPair request accepts keypairs in three different formats:
>
> OpenSSH public key format (e.g., the format in ~/.ssh/authorized_keys)
>
> Base64 encoded DER format
>
> SSH public key file format as specified in RFC4716
>
> So, I don't think we can assume that the input needs to be base64-encoded.

This is what the AWS documentation says about the "PublicKeyMaterial" parameter:

"The public key. You must base64 encode the public key material before
sending it to AWS."

I tried importing a key via the OpenSSH public key format and also via
RFC4716, but AWS didn't accept my key until I manually encoded it with
base64 (in both cases). I don't know if the base64-encoded DER format
also needs to be encoded in base64 (which would mean you have to
double-encode?), but the documentation does sound like that is the
case.

Bye,
Waldemar

--
Django on App Engine, MongoDB, ...? Browser-side Python? It's open-source:
http://www.allbuttonspressed.com/

Mitchell Garnaat

May 9, 2011, 7:26:44 PM
to boto...@googlegroups.com
Yes, you're right. It seems that they expect all key material, regardless of format, to be base64-encoded prior to sending. So, I think it makes sense for boto to do that for the user. That's what we do with user data, etc.

I'll make this change tonight or feel free to send a pull request.  Thanks,

Mitch

Waldemar Kornewald

May 10, 2011, 3:24:40 AM
to boto...@googlegroups.com
On Tue, May 10, 2011 at 1:26 AM, Mitchell Garnaat <mi...@garnaat.com> wrote:
> Yes, you're right.  It seems that they expect all key material, regardless
> of format, to be base64-encoded prior to sending.  So, I think it makes
> sense for boto to do that for the user.  That's what we do with user data,
> etc.
> I'll make this change tonight or feel free to send a pull request.  Thanks,

I've sent a pull request.
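
The encoding step discussed in this thread, as an added example that is not boto's code or part of any post: it checks that the input really is a public key in OpenSSH one-line or RFC 4716 form, then base64-encodes the whole text for the PublicKeyMaterial parameter. The function names and the sample key are constructed for illustration; the DER case is left out because the thread does not settle it, and `authorized_keys` lines with an options prefix are not handled.

```python
import base64
import struct


def ssh_blob_algorithm(blob: bytes) -> str:
    """Return the algorithm name: the first length-prefixed string in an SSH key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")


def prepare_public_key_material(key_text: str) -> str:
    """Check an OpenSSH or RFC 4716 public key, then base64-encode the whole text."""
    text = key_text.strip()
    if "PRIVATE KEY" in text:
        raise ValueError("refusing to send private key material")
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        body, continued = [], False
        for line in (l.strip() for l in text.splitlines()[1:]):
            if line.startswith("---- END SSH2 PUBLIC KEY ----"):
                break
            if continued or ":" in line:  # header line, or its "\" continuation
                continued = line.endswith("\\")
            else:
                body.append(line)
        ssh_blob_algorithm(base64.b64decode("".join(body), validate=True))
    else:  # OpenSSH one-line form: "<algorithm> <base64 blob> [comment]"
        fields = text.split()
        if len(fields) < 2:
            raise ValueError("not an OpenSSH public key line")
        blob = base64.b64decode(fields[1], validate=True)
        if ssh_blob_algorithm(blob) != fields[0]:
            raise ValueError("algorithm prefix does not match key blob")
    # The outer encoding the thread is about: applied to the key text as a whole.
    return base64.b64encode(text.encode("ascii")).decode("ascii")


def ssh_string(data: bytes) -> bytes:
    """Length-prefix a byte string the way SSH key blobs do (helper for the sample)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample (not a real key): algorithm name, exponent, filler modulus.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 32)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_OPENSSH = "ssh-rsa " + SAMPLE_B64 + " constructed@example"
SAMPLE_RFC4716 = ("---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"constructed\"\n"
                  + SAMPLE_B64 + "\n---- END SSH2 PUBLIC KEY ----")
```

If the client library already applies this encoding for the caller, which is the change agreed on in the thread, pass it the plain key text instead; encoding twice sends different material from what the service expects.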
