Load OpenSSH format from file


Tomas Berger

Aug 5, 2020, 9:02:38 AM
to Crypto++ Users
Is it possible to load an OpenSSH formatted RSA from file?
If so how would it be done?

Jeffrey Walton

Aug 5, 2020, 11:06:54 AM
to Crypto++ Users List
On Wed, Aug 5, 2020 at 9:02 AM Tomas Berger <tog...@gmail.com> wrote:
>
> Is it possible to load an OpenSSH formatted RSA from file?
> If so how would it be done?

I've got some code somewhere that loads OpenSSH keys and certificates.
The code depends on the PEM Pack (but it is not part of the PEM Pack).

Let me see if I can find it and post it to a GitHub for you.

Jeff

Tomas Berger

Aug 7, 2020, 2:39:40 AM
to Crypto++ Users
Thank you, did you find your old code?

Jeffrey Walton

Aug 8, 2020, 7:00:58 AM
to Crypto++ Users


On Friday, August 7, 2020 at 2:39:40 AM UTC-4, Tomas Berger wrote:
> Thank you, did you find your old code?

I did find it:

  cryptopp-ssh$ ls -Al
  total 128
  -rw-r----- 1 jwalton jwalton  8084 Sep  3  2017 ssh_common.cpp
  -rw-r----- 1 jwalton jwalton  5921 Sep  3  2017 ssh_common.h
  -rwxr-x--- 1 jwalton jwalton  2617 Sep  3  2017 ssh_create_keys.sh
  -rw-r----- 1 jwalton jwalton 17087 Sep  2  2017 ssh.h
  -rw-r----- 1 jwalton jwalton 37231 Sep  7  2017 ssh_read.cpp
  -rw-r----- 1 jwalton jwalton  8570 Sep  3  2017 ssh_test.cxx
  -rw-r--r-- 1 jwalton jwalton 10763 Sep  3  2017 ssh_types.txt
  -rwxr-x--- 1 jwalton jwalton  3244 Sep  2  2017 ssh_verify_keys.sh
  -rw-r----- 1 jwalton jwalton 17537 Sep  3  2017 ssh_write.cpp

I've got to remember how to use it...

Give me a couple of days with it.

Jeff

Tomas Berger

Aug 21, 2020, 6:21:45 AM
to Crypto++ Users
Any update?

Jeffrey Walton

Aug 24, 2020, 12:16:43 PM
to Crypto++ Users


On Friday, August 21, 2020 at 6:21:45 AM UTC-4 tog...@gmail.com wrote:

> Any update?

I haven't had time to loop back to it (yet).

The underlying PEM code is failing two self tests on OS X 10.13.6. Other platforms are OK. I've got to clear that first.


    Load malformed key 6
    - Failed
    Load malformed key 7
    - Failed


Jeff

Jeffrey Walton

Aug 24, 2020, 12:42:18 PM
to Crypto++ Users
I _think_ the problem might be sed on OS X. It is an anemic version, but I am trying to do:

    # Uses only CR (remove LF)
    sed 's/\n//g' rsa-pub.pem > rsa-eol-cr.pem

    # Uses only LF (remove CR)
    sed 's/\r//g' rsa-pub.pem > rsa-eol-lf.pem

    # No EOL (remove CR and LF)
    sed 's/\r//g; s/\n//g' rsa-pub.pem > rsa-eol-none.pem

rsa-eol-none.pem should be one big line, with no end-of-lines, but it is not:

    $ cat rsa-eol-none.pem
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/bfqlSZccDRZ/uspLovFggO9p
    +9xkFzujnqIhS0TiY0WvEEhAZPq5mty0WsolIXpmqn2g8zEkLyRH2f+o2pj1WM
    Jh1IZnFX38H6fbvAsUeOmBJ2fKObdytB4RhH7TZ0s2NSU7t//vjY6qOVOCTtoaJ
    CxdVYHs2Lk5FvPuDQIDAQAB
    -----END PUBLIC KEY-----

I think I need to switch to Perl.

Jeff

Tomas Berger

Aug 25, 2020, 6:25:16 AM
to Crypto++ Users
Thank you for the update!
I will take a look at it, but I think I am out of my depth :D

Tomas Berger

Aug 25, 2020, 6:26:01 AM
to Crypto++ Users
Also I don't know if you want me to create a feature request on GitHub?

Jeffrey Walton

Aug 26, 2020, 2:27:56 PM
to Crypto++ Users
On Monday, August 24, 2020 at 12:42:18 PM UTC-4 Jeffrey Walton wrote:
On Monday, August 24, 2020 at 12:16:43 PM UTC-4 Jeffrey Walton wrote:

On Friday, August 21, 2020 at 6:21:45 AM UTC-4 tog...@gmail.com wrote:

> Any update?

> I haven't had time to loop back to it (yet).

OK, so there were a couple of problems.

First, the sed was having trouble. I was using GNU extensions and not POSIX sed. Problems could surface on platforms like OS X, BSDs and Solaris. OS X happened to be the first one to expose it. I'm not sure why the problem did not surface sooner.

We can sidestep the sed problems with perl. Commands like `perl -pe 's/\n//g;' rsa-pub.pem > rsa-eol-cr.pem` work as expected.

Second, OpenSSL was not using CRLF as the end-of-line on OS X. This was a pain point because we depend on OpenSSL to use CRLF. Then, we build test cases by tampering with keys, like removing CR's, removing LF's, removing characters in the encapsulated header, etc.

unix2dos and mac2dos can usually be used to fix the problem, but they were not available on two of my Macs and were not available on Travis machines. We can figure out ways to install them, but that's a pain in the ass.

We can sidestep the OpenSSL problem with pem_eol.cxx. pem_eol.cxx does what unix2dos and mac2dos do without the need for a package manager. Also see https://github.com/noloader/cryptopp-pem/blob/master/pem_eol.cxx .

I will be able to move to the SSH gear soon.

Jeff
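
A portable way to build the EOL-tampered test files discussed above, as an added example that is not part of the thread or of cryptopp-pem: `tr` works on bytes rather than lines and accepts POSIX octal escapes, so it does not depend on GNU sed extensions. File names follow the thread; the helper function names and the sample key body are constructed for illustration, and `pem_to_crlf` is only a stand-in for a unix2dos-style step.

```shell
#!/bin/sh
# Added example: EOL tampering for PEM test keys with tr instead of sed.
# tr edits bytes, not lines, and the octal escapes \015 (CR) and \012 (LF)
# are POSIX, so GNU, BSD/OS X and Solaris userlands behave the same.

# Count occurrences of one byte (given as a tr escape or literal) in a file.
count_byte() { tr -cd "$1" < "$2" | wc -c | tr -d ' '; }

# Normalize to CRLF. Assumes the input uses LF or CRLF, not bare CR.
pem_to_crlf() { tr -d '\015' < "$1" | awk '{ printf "%s\r\n", $0 }' > "$2"; }

# The three tampered variants from the thread, built from a CRLF file.
pem_strip_lf()  { tr -d '\012' < "$1" > "$2"; }       # CR only
pem_strip_cr()  { tr -d '\015' < "$1" > "$2"; }       # LF only
pem_strip_eol() { tr -d '\015\012' < "$1" > "$2"; }   # one big line

# Write a constructed, non-functional PEM-shaped sample (4 lines, LF endings).
# The body deliberately contains the letter r, which must survive CR removal.
make_sample() {
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' \
        'CONSTRUCTEDrSAMPLErNOTrArREALrKEYrrrrAAAA' \
        'rrrrBBBBrrrrCCCCrrrrDDDDrrrrEEEE' \
        '-----END PUBLIC KEY-----' > "$1"
}

# Build all variants in directory $1 and report CR/LF counts for each.
build_variants() {
    dir=$1
    make_sample "$dir/rsa-pub-lf.pem"
    pem_to_crlf   "$dir/rsa-pub-lf.pem" "$dir/rsa-pub.pem"
    pem_strip_lf  "$dir/rsa-pub.pem"    "$dir/rsa-eol-cr.pem"
    pem_strip_cr  "$dir/rsa-pub.pem"    "$dir/rsa-eol-lf.pem"
    pem_strip_eol "$dir/rsa-pub.pem"    "$dir/rsa-eol-none.pem"
    for f in rsa-pub rsa-eol-cr rsa-eol-lf rsa-eol-none; do
        printf '%s CR=%s LF=%s\n' "$f.pem" \
            "$(count_byte '\015' "$dir/$f.pem")" \
            "$(count_byte '\012' "$dir/$f.pem")"
    done
}

tmp=$(mktemp -d) && build_variants "$tmp"
```

Checking the byte counts of each variant before feeding it to the parser confirms the test case is malformed in the intended way rather than silently unchanged.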

Tomas Berger

Aug 27, 2020, 10:08:30 AM
to Crypto++ Users
Why there is no standard by now for new lines is beyond me. Just seems to cause headaches.
Anyway thanks for the even more in-depth update! I am running Windows so if you want something tested here with CRLF natively, just give me a ping!