SSH Key Generation and Conversion With OpenSSH

Posted on May 21, 2008 by Jeff Fitzsimons

Key Generation

Generate a DSA key:

ssh-keygen -t dsa

This will generate an RFC 4716-formatted key file similar to the following:

-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQDijfpmyXBZpnq8EhEhSxeJz7fNxIlWYD6t7bviDZMARh8mLCr2
bug2J1K+Rl4qoLQJ7zRGlytwQ2krTCmvVahOjy9m/QW5936rCyVS19PRdJMEEMSN
vLQaMtpKbnHp0z8Xs/X1CkDmxThOlvRVjiObdd0U9eELLoo5VHauVHmufwIVAO7j
l4bxgVXeX09WJcyOXAUauNXHAoGAF20ESXgTvbbdxDECa2tfTi/j1/+emNV/+zuR
aq6xms/K0piZhMlkK3BD9PgHhXfqZuRT/Z9b8ja3nR34H2KL3UInCNV6kSq6h+MD
MLJnNQG4wADLYw3p5Tzz/hUwtfqpZ/9e7FpBdgfooS274GgPKTG8BFRiudIztPpK
4GueicoCgYEAy8hllDrFzQUqFG0kMe8r3dOFDjMQHf6ITttmAiScwEPg+a5D++Sq
bj42vkKSNgaYHc+Z8QPgerPehIkBde6wx0ukq0a8IXy8F86IasXz3wzotPeJsdKi
mynQKzhSm9Jzbk/SK/yh5NGhJzz1VmHsg+ir/qReguMHfqDGCI4kSFYCFDJKXQ4h
MteJHSlu62RrGwInRBOh
-----END DSA PRIVATE KEY-----

An accompanying, OpenSSH-formatted public key file should also be generated under the same file name with a .pub suffix. It should appear similar to the following:

ssh-dss AAAAB3NzaC1kc3MAAACBAOKN+mbJcFmmerwSESFLF4nPt83EiVZgPq3t
u+INkwBGHyYsKvZu6DYnUr5GXiqgtAnvNEaXK3BDaStMKa9VqE6PL2b9Bbn3fqsL
JVLX09F0kwQQxI28tBoy2kpucenTPxez9fUKQObFOE6W9FWOI5t13RT14QsuijlU
dq5Uea5/AAAAFQDu45eG8YFV3l9PViXMjlwFGrjVxwAAAIAXbQRJeBO9tt3EMQJr
a19OL+PX/56Y1X/7O5FqrrGaz8rSmJmEyWQrcEP0+AeFd+pm5FP9n1vyNredHfgf
YovdQicI1XqRKrqH4wMwsmc1AbjAAMtjDenlPPP+FTC1+qln/17sWkF2B+ihLbvg
aA8pMbwEVGK50jO0+krga56JygAAAIEAy8hllDrFzQUqFG0kMe8r3dOFDjMQHf6I
TttmAiScwEPg+a5D++Sqbj42vkKSNgaYHc+Z8QPgerPehIkBde6wx0ukq0a8IXy8
F86IasXz3wzotPeJsdKimynQKzhSm9Jzbk/SK/yh5NGhJzz1VmHsg+ir/qReguMH
fqDGCI4kSFY= user@hostname

Export Public Key in RFC 4716 Format

Given a private key, export its public key:

ssh-keygen -e -f private_key

This will generate a RFC 4716 output similar to the following:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted from OpenSSH by user@hostname"
AAAAB3NzaC1kc3MAAACBAOKN+mbJcFmmerwSESFLF4nPt83EiVZgPq3tu+INkwBGHyYsKv
Zu6DYnUr5GXiqgtAnvNEaXK3BDaStMKa9VqE6PL2b9Bbn3fqsLJVLX09F0kwQQxI28tBoy
2kpucenTPxez9fUKQObFOE6W9FWOI5t13RT14QsuijlUdq5Uea5/AAAAFQDu45eG8YFV3l
9PViXMjlwFGrjVxwAAAIAXbQRJeBO9tt3EMQJra19OL+PX/56Y1X/7O5FqrrGaz8rSmJmE
yWQrcEP0+AeFd+pm5FP9n1vyNredHfgfYovdQicI1XqRKrqH4wMwsmc1AbjAAMtjDenlPP
P+FTC1+qln/17sWkF2B+ihLbvgaA8pMbwEVGK50jO0+krga56JygAAAIEAy8hllDrFzQUq
FG0kMe8r3dOFDjMQHf6ITttmAiScwEPg+a5D++Sqbj42vkKSNgaYHc+Z8QPgerPehIkBde
6wx0ukq0a8IXy8F86IasXz3wzotPeJsdKimynQKzhSm9Jzbk/SK/yh5NGhJzz1VmHsg+ir
/qReguMHfqDGCI4kSFY=
---- END SSH2 PUBLIC KEY ----

Convert Public RFC 4716 to Public OpenSSH Format

Convert the exported public key from RFC 4716 format to OpenSSH format (for use in an authorized_keys file, for example):

ssh-keygen -i -f public_key

This will generate OpenSSH-formatted output similar to the following:

ssh-dss AAAAB3NzaC1kc3MAAACBAOKN+mbJcFmmerwSESFLF4nPt83EiVZgPq3t
u+INkwBGHyYsKvZu6DYnUr5GXiqgtAnvNEaXK3BDaStMKa9VqE6PL2b9Bbn3fqsL
JVLX09F0kwQQxI28tBoy2kpucenTPxez9fUKQObFOE6W9FWOI5t13RT14QsuijlU
dq5Uea5/AAAAFQDu45eG8YFV3l9PViXMjlwFGrjVxwAAAIAXbQRJeBO9tt3EMQJr
a19OL+PX/56Y1X/7O5FqrrGaz8rSmJmEyWQrcEP0+AeFd+pm5FP9n1vyNredHfgf
YovdQicI1XqRKrqH4wMwsmc1AbjAAMtjDenlPPP+FTC1+qln/17sWkF2B+ihLbvg
aA8pMbwEVGK50jO0+krga56JygAAAIEAy8hllDrFzQUqFG0kMe8r3dOFDjMQHf6I
TttmAiScwEPg+a5D++Sqbj42vkKSNgaYHc+Z8QPgerPehIkBde6wx0ukq0a8IXy8
F86IasXz3wzotPeJsdKimynQKzhSm9Jzbk/SK/yh5NGhJzz1VmHsg+ir/qReguMH
fqDGCI4kSFY=

About Jeff Fitzsimons

Jeff Fitzsimons is a software engineer in the California Bay Area. Technical specialties include C++, Win32, and multithreading. Personal interests include rock climbing, cycling, motorcycles, and photography.
This entry was posted in Cryptography, Technology. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *