ssh-rsa key generation #8

Closed
wants to merge 3 commits into
from

Hi,

I just added a method to create an ssh-rsa key from an RSA object. I added it in the exportKey method with format=='SSH'; if you consider that it is a bad place to do it, please tell me where it should be.

I also added a simple test, but I think that it would be enhanced.

Bye

gabrtv commented Dec 8, 2011

Any update on this? We could really benefit from SSH key generation without having to fork/exec ssh-keygen.

My testing shows Crypto.PublicKey.RSA.generate(1024).exportKey('SSH') allows successful SSH public key authentication when using the corresponding PEM private key.

Update? I don't know, this has tests, it just tests for ssh-rsa AAAA (I don't want any kind of ssl bug introduced for this, so maybe it should be enhanced a little). Do I have to do anything else?

Contributor

Legrandin commented Dec 17, 2011

I do see a few problems with this patch:

  • It does not work for python 2.1 (and probably up to 2.4)
  • It does not work correctly if bit length of key.e is a multiple of 8
  • Most of the changes are just retabs
  • The format is only used by some SSH implementations (OpenSSH). I would not call it SSH (in the sense of RFC4521).

Having said that, a while ago I also added the same feature (still in a pull request?):

Legrandin/pycrypto@51a760b
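To illustrate the bit-length point in the list above: the OpenSSH public key blob stores `e` and `n` as SSH `mpint` values (RFC 4251, section 5), which are two's complement, so a value whose bit length is a multiple of 8 needs a leading zero byte. This is an added example, not code from this pull request or from PyCrypto; the function names and the sample values `E_EDGE` and `N_TOY` are constructed for illustration.

```python
import base64
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(n: int) -> bytes:
    """SSH 'mpint' for n >= 0. It is two's complement, so a 0x00 byte must
    lead whenever the top bit is set (bit length a multiple of 8)."""
    if n < 0:
        raise ValueError("RSA parameters are non-negative")
    # bit_length() // 8 + 1 reserves the sign byte exactly when it is needed.
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big") if n else b"")

def naive_mpint(n: int) -> bytes:
    """Defective variant for contrast: minimal unsigned bytes, no sign byte."""
    return ssh_string(n.to_bytes((n.bit_length() + 7) // 8, "big"))

def export_openssh(e: int, n: int, enc=mpint) -> str:
    """One-line OpenSSH public key: 'ssh-rsa ' + base64(type, e, n)."""
    blob = ssh_string(b"ssh-rsa") + enc(e) + enc(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii")

def parse_openssh(line: str):
    """Strict reader: return (e, n) or raise ValueError on a malformed key."""
    kind, b64 = line.split()[:2]
    blob, fields = base64.b64decode(b64, validate=True), []
    while blob:
        if len(blob) < 4:
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[:4])
        field, blob = blob[4:4 + length], blob[4 + length:]
        if len(field) != length:
            raise ValueError("truncated field")
        fields.append(field)
    if kind != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    for f in fields[1:]:
        if f and f[0] & 0x80:
            raise ValueError("mpint has its sign bit set (reads as negative)")
    return tuple(int.from_bytes(f, "big") for f in fields[1:])

# Constructed values: sized to hit the edge case, not a real RSA key.
E_EDGE = 0x8001              # 16 bits: a multiple of 8
N_TOY = (1 << 1023) | 1      # 1024 bits: also a multiple of 8

if __name__ == "__main__":
    print(parse_openssh(export_openssh(E_EDGE, N_TOY)) == (E_EDGE, N_TOY))
```

A test that only checks for the `ssh-rsa AAAA` prefix passes with either encoder; round-tripping through a strict parser with an exponent such as `E_EDGE` is what separates them.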

gabrtv commented Dec 17, 2011

Legrandin,

I can't find your original pull request, so I went ahead and manually merged your implementation on top of the current master:
https://github.com/opdemand/pycrypto/commit/16f9c3b97b39a0b7dee319526e70305b4be2b6f7

Tests are passing, seems to work great. We're going to start using it in development..

Dlitz,

If there's anything we can do to help get this feature merged into master, please let us know. Thanks!

Owner

dlitz commented Jan 28, 2012

Sorry, I never saw this until now, and I probably won't get a chance to look closely at this until after this weekend. I'm not opposed to SSH-format import/export, but I'm not sure where the line should be drawn between PyCrypto and the various Python SSH implementations. Why not use Paramiko (http://www.lag.net/paramiko/) or Twisted Conch (http://twistedmatrix.com/trac/wiki/TwistedConch)?

Owner

dlitz commented Jan 28, 2012

Alternatively, if I am going to merge an SSH-format import/export, I'd like it to be something that would be beneficial for those projects. Has anyone checked to see what it would take to make this useful for them?

gabrtv commented Jan 30, 2012

@dlitz I just asked the folks on #twisted and it turns out this functionality exists in the latest version of Twisted Conch (which happens to use PyCrypto under the covers).

```python
>>> from twisted.conch.ssh import keys
>>> keys.Key(keys.RSA.generate(bits=2048)).public().toString("openssh")
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRqQGVZsEqMl6rF9HDcIF2rm01wSXHQUf2SiGIFIj/H46efeP9+p2sSeW79BXPOc6hcfruUl+XZbwuPOO0SEGMpJt6A+XBtdmTY0QSQ5XHVhQdZ35M1iEXqFIPvVVMtEShDayv2u4Lavx4ouH955Y6EkjaPklrKYR/g54G6P3DVvJzr5ZGgDy5EU08S63G9mvyw1QKjRFFDlSeWdKG8V/VhHvpKqEB+GfLkDNeZL4qYhGXBCENNQy9GCVOPcKsKNjakG6yaxKH96fGRAzDQvPT0JyyRAq4KcPX9siIOPHcaRtKn9KN/TBY4pbOMh/uVGf71f+1LfzLN0aAdU9T7QQJ'
```

We are already using Twisted Conch, so this is perfectly suitable for us.. hopefully others will find this useful as well. Assuming our tests pan out, we'll ditch our fork and pursue this track instead. Thanks..

Owner

dlitz commented Jan 31, 2012

OK. Sounds good. I'll close this pull request for now, but as a note to anyone who may be reading this in the future: Feel free to re-open it (or send a new pull request) for similar functionality if you want to see this feature merged. If so, it might be useful to coordinate on the mailing list first (or not).

Cheers,

- Dwayne

@dlitz dlitz closed this Jan 31, 2012

Owner

dlitz commented Jan 31, 2012

Also, Legrandin: I have zero pull requests right now, so if you've got more stuff for me to merge, could you send them again?

Hi,

I don't use twisted in my projects, and I think there are more like me, and this feature would be great for us. I think this must be merged, not this implementation, but the one Legrandin points at:
Legrandin/pycrypto@51a760b

Bye.


Jorge Eduardo Cardona

Legrandin referenced this pull request Feb 20, 2013

Hash: Remove "oid" attributes; add "name" attribute
In PyCrypto v2.5, the "oid" attribute was added to hash objects.  In
retrospect, this was not a good idea, since the OID is not really a
property of the hash algorithm, it's a protocol-specific identifier for
the hash functions.  PKCS#1 v1.5 uses it, but other protocols (e.g.
OpenPGP, DNSSEC, SSH, etc.) use different identifiers, and it doesn't make
sense to add these to Crypto.Hash.* every time a new algorithm is added.

This also has the benefit of being compatible with the Python standard
library's "hashlib" objects, which also have a name attribute.