why base64 for import_key_pair?

Showing 1-5 of 5 messages
why base64 for import_key_pair? Waldemar Kornewald 5/9/11 10:22 AM
Hi,
is there a good reason for not automatically base64-encoding the key within the import_key_pair() method? Why should the caller of the method do it?

Thanks.

Bye,
Waldemar
Re: why base64 for import_key_pair? Mitchell Garnaat 5/9/11 10:25 AM
The ImportKeyPair request accepts keypairs in three different formats:

  • OpenSSH public key format (e.g., the format in ~/.ssh/authorized_keys)

  • Base64 encoded DER format

  • SSH public key file format as specified in RFC4716

So, I don't think we can assume that the input needs to be base64-encoded.

Mitch
Re: why base64 for import_key_pair? Waldemar Kornewald 5/9/11 11:14 AM
On Mon, May 9, 2011 at 7:25 PM, Mitchell Garnaat <mi...@garnaat.com> wrote:
> The ImportKeyPair request accepts keypairs in three different formats:
>
> OpenSSH public key format (e.g., the format in ~/.ssh/authorized_keys)
>
> Base64 encoded DER format
>
> SSH public key file format as specified in RFC4716
>
> So, I don't think we can assume that the input needs to be base64-encoded.

This is what the AWS documentation says about the "PublicKeyMaterial" parameter:

"The public key. You must base64 encode the public key material before
sending it to AWS."

I tried importing a key via the OpenSSH public key format and also via
RFC4716, but AWS didn't accept my key until I manually encoded it with
base64 (in both cases). I don't know if the base64-encoded DER format
also needs to be encoded in base64 (which would mean you have to
double-encode?), but the documentation does sound like that is the
case.

Bye,
Waldemar

--
Django on App Engine, MongoDB, ...? Browser-side Python? It's open-source:
http://www.allbuttonspressed.com/

Re: why base64 for import_key_pair? Mitchell Garnaat 5/9/11 4:26 PM
Yes, you're right.  It seems that they expect all keys material, regardless of format, to be base64-encoded prior to sending.  So, I think it makes sense for boto to do that for the user.  That's what we do with user data, etc.

I'll make this change tonight or feel free to send a pull request.  Thanks,

Mitch
Re: why base64 for import_key_pair? Waldemar Kornewald 5/10/11 12:24 AM
On Tue, May 10, 2011 at 1:26 AM, Mitchell Garnaat <mi...@garnaat.com> wrote:
> Yes, you're right.  It seems that they expect all keys material, regardless
> of format, to be base64-encoded prior to sending.  So, I think it makes
> sense for boto to do that for the user.  That's what we do with user data,
> etc.
> I'll make this change tonight or feel free to send a pull request.  Thanks,

I've sent a pull request.

Bye,
Waldemar

--
Django on App Engine, MongoDB, ...? Browser-side Python? It's open-source:
http://www.allbuttonspressed.com/