Mailing List Archive: OpenSSH: Dev

Encoding SSH RSA public key



robert.sicoie at gmail

Aug 13, 2008, 7:54 AM

Post #1 of 3 (256 views)
Encoding SSH RSA public key

Hello,

I'm trying to build a valid public ssh v2 RSA key from a java
application but I have some problems understanding how the two numbers
(e and n) are base64 encoded into ~/.ssh/id_rsa.pub or
~/.ssh/authorized_keys2 file.

My question is what exactly is encoded into the base64 string? For
example for this public key:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6p76zG+8aOkFZT1y4O+Y7n
+n0jWo6eW3DDPWVMddrR6z37uUsCZXPm1a6Inogp4NOt6UNaa1IrEtRkCWKF/kWoAzpVeJsJCXNc7EGzSBG9Q0JZ43F07X9mQHneUi+SKwDl/dp5O2Mnyi/az2OatyW1XNnpf94yJC1dhPnJSgXNAmp2R5Bq5qktzo0GMUfw11rdZzVNBMwgxZVp6mvuvgQFQ3xJVRIGE54IpW6iTXLOgxCSwL8Xj37fI22wOg7mYlNMIzyy3vUqyx73e00VnxxVp0DcaM347bFvyrRSm3hnBVDmdbTjP/ryHobNpSbPrP6vzNVww5Y61OFyTa60OPjQ== robert[at]robert

There must be options (optional), bits, e, n and comments (optional),
but how are these represented before encoding? Are each of these data
encoded to base64 separately and then concatenated? What exactly is
encoded?

Could anyone describe me the algorithm for obtaining the base64 string?
I couldn't find it anywhere.

Thanks,
--
Robert

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev[at]mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


dkg-openssh.com at fifthhorseman

Aug 13, 2008, 2:28 PM

Post #2 of 3 (243 views)
Re: Encoding SSH RSA public key

On Wed 2008-08-13 10:54:02 -0400, robert wrote:

> There must be options (optional), bits, e, n and comments (optional),
> but how are these represented before encoding? Are each of these data
> encoded to base64 separately and then concatenated? What exactly is
> encoded?
>
> Could anyone describe me the algorithm for obtaining the base64 string?
> I couldn't find it anywhere.

The format for the base64-encoded data (the unreadable stuff in the
middle of the line) appears to be:

A series of length-prefixed bitstrings, where the length for each
bitstring is encoded as a network-order, 32-bit unsigned integer
representing the number of bytes in the following bitstring.

The first bitstring indicates the type of the key. This can be used
to determine the nature of the bitstrings which follow. The type is
represented by a 7-byte string ("ssh-rsa" or "ssh-dss"), so the first
4 bytes are 0x00,0x00,0x00,0x07 (this indicates the length of the
type string).

For RSA keys, the exponent follows next as a multi-precision integer
(MPI), and then the modulus (also an MPI).

So for example, for a 2048-bit key, you can unpack it this way:

[0 dkg[at]squeak ~]$ < ./.example/id_rsa.pub cut -f2 -d\ | base64 -d | hd | head -n2
00000000 00 00 00 07 73 73 68 2d 72 73 61 00 00 00 03 01 |....ssh-rsa.....|
00000010 00 01 00 00 01 01 00 c4 68 99 07 36 4f d4 7a 35 |........h..6O.z5|
[0 dkg[at]squeak ~]$

The example above uses a 3-byte exponent of 0x10001 (65537), followed
by a 257(==0x101)-byte modulus, which is the rest of the key.

Be careful that your MPIs all have the first bit set to 0, though!
OpenSSH appears to treat the MPIs as a two's-complement signed
representation, so if your first bit is a 1, ssh will think you're
trying to provide a negative value. If your calculations produce a
number with the high bit set to 1, just increase the length by another
byte and pad the beginning with 0x00 to keep it positive. (this is
why the modulus above is 257 bytes starting with 0x00,0xc4 instead of
256 starting with 0xc4,0x68).

Hope this is helpful,

--dkg
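The layout dkg describes, written out as an added example (not code from this thread or from OpenSSH), in Python rather than Robert's Java: an encoder that builds the length-prefixed type string and the two mpints with the 0x00 padding rule, and a decoder that refuses a blob whose lengths overrun it or whose mpints would read as negative. SAMPLE_E and SAMPLE_N are constructed values, not the key posted above.

```python
import base64
# Constructed sample (not the thread's key): a short modulus with its high bit set,
# so the 0x00 padding rule described above is exercised.
SAMPLE_E = 65537
SAMPLE_N = 0xC4689907364FD47A35

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field: 32-bit network-order byte count, then the bytes."""
    return len(data).to_bytes(4, "big") + data

def ssh_mpint(value: int) -> bytes:
    """mpint: big-endian two's complement, so a set high bit needs a 0x00 pad."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")  # b"" for zero
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw  # one more byte keeps the value positive
    return ssh_string(raw)

def rsa_public_key_blob(e: int, n: int) -> bytes:
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)  # what gets base64'd

def encode_rsa_public_key(e: int, n: int, comment: str = "") -> str:
    line = "ssh-rsa " + base64.b64encode(rsa_public_key_blob(e, n)).decode("ascii")
    return line + (" " + comment if comment else "")

def read_ssh_string(blob: bytes, offset: int):
    length = int.from_bytes(blob[offset:offset + 4], "big")
    end = offset + 4 + length
    if end > len(blob):  # also rejects a truncated 4-byte length prefix
        raise ValueError("field length overruns blob")
    return blob[offset + 4:end], end

def decode_rsa_public_key(line: str):
    """Return (e, n) from an authorized_keys-style line, or raise ValueError."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_ssh_string(blob, 0)
    e_raw, off = read_ssh_string(blob, off)
    n_raw, off = read_ssh_string(blob, off)
    if key_type != b"ssh-rsa" or off != len(blob):
        raise ValueError("inner key type mismatch or trailing bytes")
    if any(raw and raw[0] & 0x80 for raw in (e_raw, n_raw)):
        raise ValueError("mpint high bit set: ssh would read it as negative")
    return int.from_bytes(e_raw, "big"), int.from_bytes(n_raw, "big")

def is_valid_rsa_line(line: str) -> bool:
    try:
        return decode_rsa_public_key(line) is not None
    except ValueError:  # includes binascii.Error from bad base64
        return False
```

For the sample values the blob begins 00000007 "ssh-rsa" 00000003 010001 0000000a 00 c4 ..., which is why every 65537-exponent key line starts with "ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB".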


robert.sicoie at gmail

Aug 19, 2008, 12:52 AM

Post #3 of 3 (211 views)
Re: Encoding SSH RSA public key

Thanks, Daniel. You were right.

On Wed, 2008-08-13 at 17:28 -0400, Daniel Kahn Gillmor wrote:
> On Wed 2008-08-13 10:54:02 -0400, robert wrote:
>
> > There must be options (optional), bits, e, n and comments (optional),
> > but how are these represented before encoding? Are each of these data
> > encoded to base64 separately and then concatenated? What exactly is
> > encoded?
> >
> > Could anyone describe me the algorithm for obtaining the base64 string?
> > I couldn't find it anywhere.
>
> The format for the base64-encoded data (the unreadable stuff in the
> middle of the line) appears to be:
>
> A series of length-prefixed bitstrings, where the length for each
> bitstring is encoded as a network-order, 32-bit unsigned integer
> representing the number of bytes in the following bitstring.
>
> The first bitstring indicates the type of the key. This can be used
> to determine the nature of the bitstrings which follow. The type is
> represented by a 7-byte string ("ssh-rsa" or "ssh-dss"), so the first
> 4 bytes are 0x00,0x00,0x00,0x07 (this indicates the length of the
> type string).
>
> For RSA keys, the exponent follows next as a multi-precision integer
> (MPI), and then the modulus (also an MPI).
>
> So for example, for a 2048-bit key, you can unpack it this way:
>
> [0 dkg[at]squeak ~]$ < ./.example/id_rsa.pub cut -f2 -d\ | base64 -d | hd | head -n2
> 00000000 00 00 00 07 73 73 68 2d 72 73 61 00 00 00 03 01 |....ssh-rsa.....|
> 00000010 00 01 00 00 01 01 00 c4 68 99 07 36 4f d4 7a 35 |........h..6O.z5|
> [0 dkg[at]squeak ~]$
>
> The example above uses a 3-byte exponent of 0x10001 (65537), followed
> by a 257(==0x101)-byte modulus, which is the rest of the key.
>
> Be careful that your MPIs all have the first bit set to 0, though!
> OpenSSH appears to treat the MPIs as a two's-complement signed
> representation, so if your first bit is a 1, ssh will think you're
> trying to provide a negative value. If your calculations produce a
> number with the high bit set to 1, just increase the length by another
> byte and pad the beginning with 0x00 to keep it positive. (this is
> why the modulus above is 257 bytes starting with 0x00,0xc4 instead of
> 256 starting with 0xc4,0x68).
>
> Hope this is helpful,
>
> --dkg

