Generate SSH Keypairs (private/public) without ssh-keygen

I'm working on a Ruby/Rack application that needs to generate SSH keypairs. As much as I'd like to call ssh-keygen from the application, I can't because it's designed to run on Heroku and they don't support calling that command.

I've been able to get private/public RSA keys using OpenSSL in the Ruby standard library doing the following:

require 'openssl'

key = OpenSSL::PKey::RSA.generate(2048)
# => -----BEGIN RSA PRIVATE KEY----- ....
key.public_key
# => -----BEGIN RSA PUBLIC KEY----- ....

Unfortunately an RSA public key and an SSH public key are not the same thing, even though they can be generated from the same RSA key. An SSH public key looks something like the following:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwA.....

Is it possible to generate SSH keys or convert RSA keys to SSH in Ruby without using ssh-keygen?

-------------Problems Reply------------

It may not have been the case when you had the problem, but the net-ssh library patches OpenSSL::PKey::RSA and ::DSA with two methods:

#ssh_type - returns "ssh-rsa" or "ssh-dss" as appropriate

and #to_blob - returns the public key in OpenSSH binary-blob format. If you base64-encode it, it's the format you're looking for.

require 'net/ssh'

key = OpenSSL::PKey::RSA.new 2048

type = key.ssh_type
data = [ key.to_blob ].pack('m0')

openssh_format = "#{type} #{data}"

Turns out this was much more complicated than I anticipated. I ended up writing the SSHKey gem to pull it off (source code on GitHub). SSH public keys are encoded totally differently from the RSA public key provided. Data type encodings for SSH keys are defined in section 5 of RFC 4251.

key.public_key.to_pem

The full process including key encryption is documented here: http://stuff-things.net/2009/12/11/generating-rsa-key-pairs-in-ruby/
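The RFC 4251 section 5 encoding mentioned in the answers, written out with only the Ruby standard library. This is an added example, not code from the original posts, net-ssh or the SSHKey gem; the helper names are hypothetical, and the field order (string "ssh-rsa", mpint e, mpint n) is the ssh-rsa key format from RFC 4253 section 6.6. The parser is included so a generated line can be checked by decoding it again.

```ruby
# Added example; helper names are hypothetical, not net-ssh or SSHKey API.
require 'openssl'

# RFC 4251 section 5 "string": uint32 big-endian length, then the raw bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes.b
end

# RFC 4251 section 5 "mpint": big-endian two's complement, minimal length.
# A positive value with its top bit set gets a leading 0x00 so it is not
# read back as negative. Only non-negative values are handled here.
def ssh_mpint(n)
  n = n.to_i # accepts Integer or OpenSSL::BN
  raise ArgumentError, 'negative mpint not handled' if n.negative?
  return ssh_string('') if n.zero?

  hex = n.to_s(16)
  hex = "0#{hex}" if hex.length.odd?
  raw = [hex].pack('H*')
  raw = "\x00".b + raw if raw.getbyte(0) >= 0x80
  ssh_string(raw)
end

# "ssh-rsa" public key blob: string "ssh-rsa", mpint e, mpint n.
def ssh_rsa_blob(key)
  ssh_string('ssh-rsa') + ssh_mpint(key.e) + ssh_mpint(key.n)
end

# One authorized_keys-style line: type, unwrapped base64 blob, optional comment.
def openssh_public_line(key, comment = nil)
  ['ssh-rsa', [ssh_rsa_blob(key)].pack('m0'), comment].compact.join(' ')
end

# Decode a line back into e and n, rejecting truncated or mislabelled blobs.
def parse_ssh_rsa_line(line)
  type, b64 = line.split(' ', 3)
  blob = b64.to_s.unpack1('m0')
  fields, pos = [], 0
  while pos < blob.bytesize
    len = blob.byteslice(pos, 4).unpack1('N')
    raise ArgumentError, 'truncated blob' if len.nil? || pos + 4 + len > blob.bytesize
    fields << blob.byteslice(pos + 4, len)
    pos += 4 + len
  end
  raise ArgumentError, 'not an ssh-rsa key' unless type == 'ssh-rsa' && fields.size == 3 && fields[0] == type
  { e: fields[1].unpack1('H*').to_i(16), n: fields[2].unpack1('H*').to_i(16) }
end

key = OpenSSL::PKey::RSA.generate(2048)
puts openssh_public_line(key, 'constructed-example@localhost')
```

With the public exponent 35 the base64 begins AAAAB3NzaC1yc2EAAAABIw, the same prefix as the sample key in the question; keys generated with Ruby's default exponent 65537 begin AAAAB3NzaC1yc2EAAAADAQAB.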

Category:ruby Views:2 Time:2011-03-11
