ssl conversions
author Tomas Zeman <tzeman@volny.cz>
Fri, 18 Jul 2014 15:48:34 +0200
changeset 38 68d27bdf49c9
parent 37 889dfa7eace0
child 39 338868970aff
ssl conversions
ssl/conversion.txt
ssl/conversion2.txt
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ssl/conversion.txt	Fri Jul 18 15:48:34 2014 +0200
@@ -0,0 +1,29 @@
+http://superuser.com/questions/576506/how-to-use-ssh-rsa-public-key-to-encrypt-a-text
+http://goodworkaround.com/node/17
+
+OpenSSH -> OpenSSL
+==================
+
+  * Pubkey conversion:
+
+  ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pkcs8 > /tmp/id_rsa.pub.pem
+
+
+OpenSSL operations
+==================
+
+  * Encryption:
+
+  openssl rsautl -encrypt -pubin -inkey /tmp/id_rsa.pub.pem > /tmp/c.txt
+
+  * Decryption:
+
+  openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in /tmp/c.txt
+
+  * Signing:
+
+  openssl dgst -sha1 -sign ~/.ssh/id_rsa file.txt > file.txt.sig
+
+  * Verification:
+
+  openssl dgst -sha1 -verify /tmp/id_rsa.pub.pem -signature file.txt.sig file.txt
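Review bot: The Encryption and Decryption lines call `openssl rsautl` with no padding option, so they use its default PKCS#1 v1.5 padding. Add `-oaep` to both commands, since the padding mode must match on each side. Under Signing and Verification, `-sha1` should become `-sha256` on both lines, as SHA-1 is no longer a sound choice for signatures. The Encryption line also has no `-in`, so it reads the plaintext from stdin. A short note saying so, and that RSA can only encrypt input smaller than the key size, would save the reader a confusing error.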
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/ssl/conversion2.txt	Fri Jul 18 15:48:34 2014 +0200
@@ -0,0 +1,72 @@
+http://www.sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL
+
+OpenSSH -> OpenSSL
+==================
+
+OpenSSH private keys are directly understable by OpenSSL:
+
+  openssl rsa -in ~/.ssh/id_rsa -text
+  openssl dsa -in ~/.ssh/id_dsa -text
+
+So, you can directly create certification request:
+
+  openssl req -new -key ~/.ssh/id_dsa -out mykey.csr
+
+OpenSSL -> OpenSSH
+==================
+
+Private keys format is same between OpenSSL and OpenSSH, but not public key format. Nevertheless, you extract public key from private key file:
+
+  ssh-keygen -y -f id_rsa > id_rsa.pub
+
+GnuPG -> OpenSSL
+================
+
+Gpgsm utility can exports keys and certificate in PCSC12:
+
+  gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX
+
+You have -> extract Key and Certificates separatly:
+
+  openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem
+  openssl pkcs12 -in secret-gpg-key.p12 -nokeys -out gpg-certs.pem
+
+You can now use it in OpenSSL.
+
+You can also do similar thing with GnuPG public keys. There will be only certificates output.
+
+OpenSSL -> GnuPG
+================
+
+Invert process:
+
+  openssl pkcs12 -export -in gpg-certs.pem -inkey gpg-key.pem -out gpg-key.p12
+  gpgsm --import gpg-key.p12
+
+GnuPG -> OpenSSH
+================
+
+Now, chain processes:
+
+  gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX
+  openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem
+
+We need -> protect key, else ssh refuse it.
+
+  chmod 600 gpg-key.pem
+  cp gpg-key.pem ~/.ssh/id_rsa
+  ssh-keygen -y -f gpg-key.pem > ~/.ssh/id_rsa.pub
+
+OpenSSH -> GnuPG
+================
+
+First we need to create a certificate (self-signed) for our ssh key:
+
+  openssl req -new -x509 -key ~/.ssh/id_rsa -out ssh-cert.pem
+
+We can now import it in GnuPG
+
+  openssl pkcs12 -export -in ssh-certs.pem -inkey ~/.ssh/id_rsa -out ssh-key.p12
+  gpgsm --import ssh-key.p12
+
+Notice you cannot import/export DSA ssh keys to/from GnuPG
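Review bot: In the "OpenSSH -> GnuPG" section the file names do not match: the certificate is written with `-out ssh-cert.pem`, but the next command reads `-in ssh-certs.pem`, so the pkcs12 export fails as written. Use one name in both places. In "GnuPG -> OpenSSH", `chmod 600 gpg-key.pem` runs only after `openssl pkcs12 ... -nocerts -out gpg-key.pem` has already created the private key file with the default umask. Setting `umask 077` before the export closes that window. The following `cp gpg-key.pem ~/.ssh/id_rsa` silently overwrites any existing key, which deserves a warning in the text. Minor: "PCSC12" should read PKCS12 and "understable" should read understandable.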