Support bare public keys?

[reaperhulk]

Right now the OpenSSL backend can import PKCS8 public keys (and probably SubjectPublicKeyInfo wrapped keys, although we should verify that) but fails on "bare" RSA public keys (e.g. items written with PEM_write_BIO_RSAPublicKey). This is apparently a thing some people expect to be able to read (see: http://stackoverflow.com/questions/10569189/how-to-read-a-rsa-public-key-in-pem-pkcs1-format). Should we support it? And, relatedly, should we support writing this format with as_bytes?

I haven't researched EC or DSA so they may be subject to similar weirdness.

[alex]

This seems reasonable to support.

[ronf]

Both DSA and RSA support PKCS#1 format for both private and public keys, and such keys still seem pretty common. EC supports PKCS#1 private keys, but I haven't been able to find a specification for PKCS#1 public keys there (only PKCS#8, which supports both private & public, and other formats like OpenSSH and RFC 4716 which only seem to support public keys).

[public]

Previously. #1233 (comment)

[reaperhulk]

The naming problems in this space are manifold... It appears PKCS8 is not a public key format. PEM public keys with -----BEGIN PUBLIC KEY----- armoring are more properly called X.509 subjectPublicKeyInfo structures that contain PKCS1 payloads. So the two primary public key formats are "subjectPublicKeyInfo" and "PKCS1" even though the latter is contained within the former.

RSA PKCS1 public keys are relatively easy to create with the command line. DSA keys also exist (see @public's comment), and I'll need to conduct a test with PEM_write_bio_EC_PUBKEY to see if it generates PKCS1 or subjectPublicKeyInfo (which would give it the same output as PEM_write_bio_PUBKEY).

[reaperhulk]

PEM_write_bio_EC_PUBKEY does a subjectPublicKeyInfo so it's possible that EC "bare" public keys don't exist/aren't used (at least by OpenSSL). Evidence otherwise appreciated.

[reaperhulk]

PEM_read_bio_DSAPublicKey is not defined, so in practice loading a PKCS1 only DSA public key requires doing something like:

# define PEM_read_bio_DSAPublicKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \
        (d2i_of_void *)d2i_DSAPublicKey,PEM_STRING_DSA_PUBLIC,(bp),(void **)(x),(cb),(u))

This is making me lean towards saying we should support the PKCS1 only format for RSA but nothing else.

[ronf]

Based on the info Alex posted in #1233 I was able to add support for PKCS#1 DSA public keys into AsyncSSH, but OpenSSL makes it difficult enough to generate such keys that they're probably pretty uncommon. As long as there's support for PKCS#1 DSA private keys, I don't think you'd see too many problems. That said, if the couple of lines above is all that's needed, it might be worth including for completeness.

For EC, I still haven't been able to find any format for PKCS#1 public keys, but I do have support for PKCS#1 EC private keys and for PKCS#8 EC private and public keys.

[aftbit]

I'd personally be very interested in this. I'm looking into migrating a project away from POW to this library, and this is the last blocker.

I've implemented something which basically just calls PEM_read_bio_RSAPublicKey if the normal PEM loading code throws a ValueError, which I'm happy to make a PR for if you like. However, it only took me 30 minutes to go from never having touched the code base to writing that, so it might be easier for you to write it cleanly than to whip my PR into shape. :)

By the way, this library is excellently structured, and I'm really glad that it exists!

[reaperhulk]

I've actually put up a PR for this (#1715). It should be in the next release!

[reaperhulk]

The PR is now merged so this can be closed. #1706 will also add the ability to serialize this key type.