Subject: Re: SecKeyGeneratePair + remote login

Re: SecKeyGeneratePair + remote login

From: Peter Stuge <>
Date: Wed, 18 Aug 2010 15:10:26 +0200

Paresh Thakor wrote:
> I'm also working on libssh2 API. And my issues is with
> libssh2_userauth_publickey_fromfile(). I'm using apple's sample code
> with
> - (void)generateKeyPairPlease{
> }
> and
> SecKeyGeneratePair()
> inside the above method. You can take a look at apple's sample code
> for this.

Why should we? You should provide the relevant information when you
ask for help. Remember that we are not working for you..

> Now, i need to encode keys to log or take them as string, so, i can
> write these keys into files which are accessible to libssh2
> function because it needs filepath, right?

At the moment, yes, libssh2 needs both the private key and the public
key to be saved in files.

> But i always have -1 (error) as output.

Output from what?

> I don't know if i'm having few mistakes writing keypair. i've
> written keys into id_rsa and inside documents folder.

Which file you save the keys in is of course not important, since you
give libssh2 the filenames. The format is important however.

> Private key i'm getting is:
> 3c00+Eo3sCIdXbHhtcIHKkdyx4tQ6A==

(Please don't use this key except for testing now that you have sent
it out to the world.)

> and public key is:
> I'm writing the same format or content into id_rsa and
> file, is that correct or we need to write these keys into some
> special format?

That's not quite correct. They need to be in the same format as
the OpenSSH tool ssh-keygen produces. For the private key this is the
RSA key PEM format also used by OpenSSL.

For the public key, it is an OpenSSH specific format, basically you
only need to prepend the algorithm to the string that you already
have, so it would something like:

ssh-rsa MII...

You can use ssh-keygen from OpenSSH to convert between a couple of
different file formats, but the private key will need more work than
the public key if you can not use OpenSSL.

OpenSSH calls the OpenSSL function PEM_write_RSAPrivateKey() to
create private keys from an OpenSSL RSA key.

Of course, to get complete examples of the key types, you can just
run ssh-keygen from OpenSSH on some system and look at the files.
This would have been a good idea to do already.

> Please let me know if we have to about few format specification
> guide.

Look around OpenSSL for info about the PEM format used for private
keys. Hopefully you can easily make the same file using whatever
toolkit or framework your environment offers.

Received on 2010-08-18