Home / server / Questions / 441224
Accepted
CMag
Asked: 2012-10-23 22:14:30 +0800 CST

private/public ssh keys

  • 772

it must be 2 am in the morning... and ive had zero sleep. Nonetheless... I am trying to get my developer to send me a public ssh key. If the guy sends you a file that begins with:

-----BEGIN CERTIFICATE-----
MIIGgzCCBGugAwIBAgIJAOm7SVMTNGm5MA0GCSqGSIb3DQEBBQUAMIGHMQswCQYD
VQQGEwJJTjELMAkGA1UECBMCVVAxDjAMBgNVBAcTBU5vaWRhMREwDwYDVQQKEwhU
ZWttaW5kejEUMBIGA1UECxMLRW5naW5lZXJpbmcxDDAKBgNVBAMTA2RyZzEkMCIG
CSqGSIb3DQEJARYVcm9iLnNwYWRlQHNhc2FpbmMubmV0MB4XDTEyMTAyMzA2MDUw
NloXDTIzMDEyOTA2MDUwNlowgYcxCzAJBgNVBAYTAklOMQswCQYDVQQIEwJVUDEO
MAwGA1UEBxMFTm9pZGExETAPBgNVBAoTCFRla21pbmR6MRQwEgYDVQQLEwtFbmdp
bmVlcmluZzEMMAoGA1UEAxMDZHJnMSQwIgYJKoZIhvcNAQkBFhVyb2Iuc3BhZGVA
-----END CERTIFICATE-----

Is a pem cert, correct, not a public key? :) Should i email back to say recreate?
Thanks! )

ssh

1 Answers

  1. Best Answer

    That is an x509 certificate. Since a certificate contains a public key, and an SSH key is just a public key, it is possible to convert that into the OpenSSH key format. It's fairly uncommon to distribute keys like that however, so the developer may have sent you the wrong thing. To try to convert it use something like the following though:

    % head -n2 test.crt
-----BEGIN CERTIFICATE-----
MIICWDCCAcGgAwIBAgIJAKyY2+5477dGMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
% openssl x509 -in test.crt -pubkey -noout > test.pub
% ssh-keygen -i -m PKCS8 -f test.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtpZDQLOzXwlhLWvjquDzfE0hwtUjD1jQCfv5pcuPGfI918d+nKufDbnjCB1mmg2PTZb+PcVv2zeqnvBEISJh6idnOoQSZgx/gkS1VEkOJtaG+ECMUwW4/hiUbGlVkKaIhuy9eyoLdF/pJRE5ZNGNxSxwT/3111gxcZqc8VF1n6w==

    Edit: It looks like the import feature from PKCS8 was added somewhere between 5.5p1 and 5.8p1, if your ssh-keygen doesn't have the -m option you'll need to find a later version.

    • 4