From lalit.hilmarsh at gmail.com Tue Mar 3 01:27:00 2020
From: lalit.hilmarsh at gmail.com (Lalit Kumar)
Date: Tue, 3 Mar 2020 11:57:00 +0530
Subject: [Cryptography-dev] New OpenSSH key format

Can we retrieve the public key from private key in the new OpenSSH format like below:

-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----

This is an RSA key in the new format. Does cryptography 2.8 support this? If not is it planned for next release?

--
Regards,
Lalit

From alex.gaynor at gmail.com Tue Mar 3 01:30:58 2020
From: alex.gaynor at gmail.com (Alex Gaynor)
Date: Tue, 3 Mar 2020 01:30:58 -0500
Subject: [Cryptography-dev] New OpenSSH key format

No, cryptography does not support OpenSSH format private keys. This is not currently planned.

Alex

On Tue, Mar 3, 2020 at 1:28 AM Lalit Kumar wrote:

> Can we retrieve the public key from private key in the new OpenSSH format
> like below:
>
> -----BEGIN OPENSSH PRIVATE KEY-----
> -----END OPENSSH PRIVATE KEY-----
>
> This is an RSA key in the new format. Does cryptography 2.8 support this?
> If not is it planned for next release?
>
> --
> Regards,
> Lalit

--
All that is necessary for evil to succeed is for good people to do nothing.

From ronf at timeheart.net Tue Mar 3 01:36:51 2020
From: ronf at timeheart.net (Ron Frederick)
Date: Mon, 2 Mar 2020 22:36:51 -0800
Subject: [Cryptography-dev] New OpenSSH key format
Message-ID: <12ADAC20-2688-4A0C-BC98-296EE3936972@timeheart.net>

You might want to see if AsyncSSH (https://asyncssh.readthedocs.io) can do what you're looking for. While its main purpose is to provide an asyncio-compatible SSH client and server, it also had a very complete set of key management functions for reading and writing private/public keys and certificates, reading and writing them in a wide variety of formats and providing functions such as signing and verification with them. You don't even need to be using asyncio to take advantage of these functions.

On Mar 2, 2020, at 10:30 PM, Alex Gaynor wrote:
> No, cryptography does not support OpenSSH format private keys. This is not currently planned.
>
> Alex
>
> On Tue, Mar 3, 2020 at 1:28 AM Lalit Kumar wrote:
> Can we retrieve the public key from private key in the new OpenSSH format like below:
>
> -----BEGIN OPENSSH PRIVATE KEY-----
> -----END OPENSSH PRIVATE KEY-----
>
> This is an RSA key in the new format. Does cryptography 2.8 support this? If not is it planned for next release?
>
> --
> Regards,
> Lalit

--
Ron Frederick
ronf at timeheart.net

From glyph at twistedmatrix.com Tue Mar 3 02:23:14 2020
From: glyph at twistedmatrix.com (Glyph)
Date: Mon, 2 Mar 2020 23:23:14 -0800
Subject: [Cryptography-dev] New OpenSSH key format
In-Reply-To: <12ADAC20-2688-4A0C-BC98-296EE3936972@timeheart.net>
References: <12ADAC20-2688-4A0C-BC98-296EE3936972@timeheart.net>
Message-ID: <85E80496-99C8-419D-9408-4A28FF2EEAB3@twistedmatrix.com>

Twisted trunk at HEAD can do this, via cryptography, although this functionality is not yet present in a release: https://github.com/twisted/twisted/pull/1193

I saw your question and remembered doing the code review for this :-). I would guess we'll have a new release fairly soon (I know the goal is to have one out before April).

-glyph

> On Mar 2, 2020, at 10:36 PM, Ron Frederick wrote:
>
> You might want to see if AsyncSSH (https://asyncssh.readthedocs.io) can do what you're looking for. While its main purpose is to provide an asyncio-compatible SSH client and server, it also had a very complete set of key management functions for reading and writing private/public keys and certificates, reading and writing them in a wide variety of formats and providing functions such as signing and verification with them. You don't even need to be using asyncio to take advantage of these functions.
>
> On Mar 2, 2020, at 10:30 PM, Alex Gaynor wrote:
>> No, cryptography does not support OpenSSH format private keys. This is not currently planned.