
ssh-rsa key generation #8

wants to merge 3 commits into




I just added a method to create an ssh-rsa key from an RSA object. I added it in the exportKey method with format=='SSH'; if you consider that it is a bad place to do it, please tell me where it should be.

I also added a simple test, but I think that it would be enhanced.


gabrtv commented Dec 8, 2011

Any update on this? We could really benefit from SSH key generation without having to fork/exec ssh-keygen.

My testing shows Crypto.PublicKey.RSA.generate(1024).exportKey('SSH') allows successful SSH public key authentication when using the corresponding PEM private key.

Update? I don't know. This has tests; it just tests for ssh-rsa AAAA (I don't want any kind of SSL bug introduced for this, so maybe it should be enhanced a little). Do I have to do anything else?


Legrandin commented Dec 17, 2011

I do see a few problems with this patch:

  • It does not work for Python 2.1 (and probably up to 2.4)
  • It does not work correctly if bit length of key.e is a multiple of 8
  • Most of the changes are just retabs
  • The format is only used by some SSH implementations (OpenSSH). I would not call it SSH (in the sense of RFC4521).

Having said that, a while ago I also added the same feature (still in a pull request?):
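The bit-length item in the list above follows from the SSH wire encoding of integers (mpint), which is two's complement: a positive value whose bit length is a multiple of 8 needs a leading 0x00 byte or it reads back as negative. The sketch below is an added example, not code from this pull request, from PyCrypto or from any participant; the function names and the sample modulus are constructed for illustration.

```python
import base64
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """SSH 'mpint' for a non-negative integer (two's complement, big-endian).

    If the bit length is a multiple of 8 the top bit of the first byte is
    set, so a 0x00 byte is prepended to keep the value positive.
    """
    if n < 0:
        raise ValueError("RSA public values are non-negative")
    if n == 0:
        return ssh_string(b"")
    # bit_length() // 8 + 1 bytes always leaves the sign bit clear.
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def openssh_rsa_public(e: int, n: int) -> str:
    """Build the 'ssh-rsa AAAA...' line from public exponent e and modulus n."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii")

def parse_openssh_rsa_public(line: str) -> tuple:
    """Decode such a line back to (e, n); integers are read as signed."""
    kind, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + length])
        off += length
    if kind != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key blob")
    e, n = (int.from_bytes(f, "big", signed=True) for f in fields[1:])
    return e, n

# Constructed values, not a real key: a 2048-bit odd number standing in for n.
SAMPLE_N = (0xD1 << 2040) | 1
SAMPLE_LINE = openssh_rsa_public(65537, SAMPLE_N)
```

The Twisted Conch output quoted later in this thread starts with the same `AAAAB3NzaC1yc2EAAAADAQABAAABAQDR` prefix: the `ssh-rsa` tag, e = 65537, then a 257-byte modulus field whose first byte is the 0x00 pad.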


gabrtv commented Dec 17, 2011


I can't find your original pull request, so I went ahead and manually merged your implementation on top of the current master:

Tests are passing, seems to work great. We're going to start using it in development.


If there's anything we can do to help get this feature merged into master, please let us know. Thanks!


dlitz commented Jan 28, 2012

Sorry, I never saw this until now, and I probably won't get a chance to look closely at this until after this weekend. I'm not opposed to SSH-format import/export, but I'm not sure where the line should be drawn between PyCrypto and the various Python SSH implementations. Why not use Paramiko (http://www.lag.net/paramiko/) or Twisted Conch (http://twistedmatrix.com/trac/wiki/TwistedConch)?


dlitz commented Jan 28, 2012

Alternatively, if I am going to merge an SSH-format import/export, I'd like it to be something that would be beneficial for those projects. Has anyone checked to see what it would take to make this useful for them?

gabrtv commented Jan 30, 2012

@dlitz I just asked the folks on #twisted and it turns out this functionality exists in the latest version of Twisted Conch (which happens to use PyCrypto under the covers).

from twisted.conch.ssh import keys
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRqQGVZsEqMl6rF9HDcIF2rm01wSXHQUf2SiGIFIj/H46efeP9+p2sSeW79BXPOc6hcfruUl+XZbwuPOO0SEGMpJt6A+XBtdmTY0QSQ5XHVhQdZ35M1iEXqFIPvVVMtEShDayv2u4Lavx4ouH955Y6EkjaPklrKYR/g54G6P3DVvJzr5ZGgDy5EU08S63G9mvyw1QKjRFFDlSeWdKG8V/VhHvpKqEB+GfLkDNeZL4qYhGXBCENNQy9GCVOPcKsKNjakG6yaxKH96fGRAzDQvPT0JyyRAq4KcPX9siIOPHcaRtKn9KN/TBY4pbOMh/uVGf71f+1LfzLN0aAdU9T7QQJ'

We are already using Twisted Conch, so this is perfectly suitable for us. Hopefully others will find this useful as well. Assuming our tests pan out, we'll ditch our fork and pursue this track instead. Thanks.


dlitz commented Jan 31, 2012

OK. Sounds good. I'll close this pull request for now, but as a note to anyone who may be reading this in the future: Feel free to re-open it (or send a new pull request) for similar functionality if you want to see this feature merged. If so, it might be useful to coordinate on the mailing list first (or not).


- Dwayne

@dlitz dlitz closed this Jan 31, 2012


dlitz commented Jan 31, 2012

Also, Legrandin: I have zero pull requests right now, so if you've got more stuff for me to merge, could you send them again?


I don't use Twisted in my projects, and I think there are more like me, and this feature would be great for us. I think this must be merged, not this implementation, but the one Legrandin points at:


On Mon, Jan 30, 2012 at 10:55 PM, Dwayne Litzenberger

Also, Legrandin: I have zero pull requests right now, so if you've got more stuff for me to merge, could you send them again?


Jorge Eduardo Cardona


Linux registered user  #391186

Registered machine    #291871

Legrandin referenced this pull request Feb 20, 2013

Hash: Remove "oid" attributes; add "name" attribute
In PyCrypto v2.5, the "oid" attribute was added to hash objects.  In
retrospect, this was not a good idea, since the OID is not really a
property of the hash algorithm, it's a protocol-specific identifier for
the hash functions.  PKCS#1 v1.5 uses it, but other protocols (e.g.
OpenPGP, DNSSEC, SSH, etc.) use different identifiers, and it doesn't make
sense to add these to Crypto.Hash.* every time a new algorithm is added.

This also has the benefit of being compatible with the Python standard
library's "hashlib" objects, which also have a name attribute.