Bug 1749 - ssh-keygen can't "import" a generic x509 rsa public key
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keygen
Version: 5.4p1
Hardware: Other Other
Importance: P2 normal
Assignee: Assigned to nobody
Reported: 2010-04-03 10:46 AEDT by John Cavanaugh
Modified: 2011-01-24 12:34 AEDT

Attachments
pubkey2ssh (3.66 KB, text/x-c)
2010-04-03 10:46 AEDT, John Cavanaugh
/home/djm/keygen-formats.diff (12.99 KB, patch)
2010-06-28 14:23 AEST, Damien Miller

Description John Cavanaugh 2010-04-03 10:46:21 AEDT
Created attachment 1827
pubkey2ssh

I think this is part defect, part enhancement.

Defect Part 
===========

I have a public key generated via

prompt> openssl x509 -in cavanaug.x509 -pubkey -noout > cavanaug_x509.pub

that I would like to have ssh-keygen convert to an openssh public key format.  

prompt> ssh-keygen -i -f cavanaug_x509.pub
buffer_get_string_ret: bad string length 813826338
key_from_blob: can't read key type
decode blob failed.

prompt> cat cavanaug_x509.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+8jp5YdUEqoNjmhg3X
c+oMARMrXH5erMRh+C1DeAE/KxZd0ZXjhbDJ1NwvvIlmLJO6tmlqtbnNILgpJjna
dPor6fcVsiLgHtwD5CuydAfxjQBXRCvPBqL+/M1tNMhcgR4AYzfitUP2IFhSLmgF
3+lPZYJiyWeTPMGgbgNbjef66ogaaoV0TLmuONQjmH0QI9LcPO7pbErOBgOEytYP
LUvgNyu7z/wgV+sQoxB6jYhsI2msQ+s6cwGna8fLa2R9tKr27rzv0kyeL1h9ZLd2
TiwEen+XkcRFgDkzPPoiHl1i9/osia+uvd/YeQxWlNRMldgNZ+sa2Yy/2Sz7XSRb
dwIDAQAB
-----END PUBLIC KEY-----

In the interim I have been using pubkey2ssh.c (attached), but this sure
seems like something that ssh-keygen should handle.


Enhancement Part
================

Outside of the above fix it would be wonderful if ssh-keygen could just
import an entire x509 and spit out a complete openssh public & private
key.

Right now I do this with a script something like the following (I omitted the steps on cert validation, etc.)

openssl pkcs12 -in cavanaug.p12 -clcerts -out id_rsa
openssl x509 -in id_rsa -pubkey -noout > x
pubkey2ssh x comment > id_rsa.pub

I'd love to just be able to do something directly with ssh-keygen.
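
Added example, not part of the original report and not the attached pubkey2ssh.c: Python that converts the RSA SubjectPublicKeyInfo key posted above into an OpenSSH public key line, and shows that the 813826338 in the error output is the key's first four DER bytes (30 82 01 22) read as an SSH string length. The function names are chosen for this example.

```python
import base64
import struct

# Sample input: the base64 body of cavanaug_x509.pub as posted in the report above.
PEM_BODY = """
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApy+8jp5YdUEqoNjmhg3X
c+oMARMrXH5erMRh+C1DeAE/KxZd0ZXjhbDJ1NwvvIlmLJO6tmlqtbnNILgpJjna
dPor6fcVsiLgHtwD5CuydAfxjQBXRCvPBqL+/M1tNMhcgR4AYzfitUP2IFhSLmgF
3+lPZYJiyWeTPMGgbgNbjef66ogaaoV0TLmuONQjmH0QI9LcPO7pbErOBgOEytYP
LUvgNyu7z/wgV+sQoxB6jYhsI2msQ+s6cwGna8fLa2R9tKr27rzv0kyeL1h9ZLd2
TiwEen+XkcRFgDkzPPoiHl1i9/osia+uvd/YeQxWlNRMldgNZ+sa2Yy/2Sz7XSRb
dwIDAQAB
"""

# DER contents of AlgorithmIdentifier: OID rsaEncryption (1.2.840.113549.1.1.1) + NULL
RSA_ALG = bytes.fromhex("06092a864886f70d0101010500")

def tlv(buf, off, tag):
    """Read one DER element with the expected tag; return (contents, next offset)."""
    if buf[off] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {off}, got {buf[off]:#x}")
    length, off = buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[off:off + length], off + length

def misread_as_ssh_length(pem_body):
    """What an SSH wire-format reader sees: the first 4 bytes as a uint32 length."""
    return struct.unpack(">I", base64.b64decode(pem_body)[:4])[0]

def spki_to_openssh(pem_body, comment=""):
    """Convert an RSA 'BEGIN PUBLIC KEY' body to an OpenSSH public key line."""
    spki, _ = tlv(base64.b64decode(pem_body), 0, 0x30)  # outer SEQUENCE
    alg, off = tlv(spki, 0, 0x30)                       # AlgorithmIdentifier
    if alg != RSA_ALG:
        raise ValueError("not an rsaEncryption key")
    bits, _ = tlv(spki, off, 0x03)                      # BIT STRING
    if bits[0] != 0:
        raise ValueError("unexpected unused bits")
    rsa, _ = tlv(bits, 1, 0x30)                         # RSAPublicKey SEQUENCE
    n, off = tlv(rsa, 0, 0x02)                          # INTEGER modulus
    e, _ = tlv(rsa, off, 0x02)                          # INTEGER publicExponent
    # For positive values, DER INTEGER and SSH mpint contents are the same bytes.
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-rsa", e, n))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()
```
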
Comment 1 Damien Miller 2010-06-28 14:23:05 AEST
Created attachment 1888
/home/djm/keygen-formats.diff

Teach ssh-keygen PEM and PEM+ASN1 key formats for import and export
Comment 2 Damien Miller 2010-06-30 09:15:52 AEST
A revised version of the above patch has been applied and will be in OpenSSH-5.6. Thanks!
Comment 3 Damien Miller 2011-01-24 12:34:06 AEDT
Move resolved bugs to CLOSED after 5.7 release