How do I convert a ssh-keygen public key into a format that openssl PEM_read_bio_RSA_PUBKEY() function will...
Will dual-learning in a glider make my airplane learning safer?
Restoring order in a deck of playing cards (II)
Is it possible to kill all life on Earth?
What if you don't bring your credit card or debit for incidentals?
Why is Colorado so different politically from nearby states?
How should I push back against my job assigning "homework"?
Is the decompression of compressed and encrypted data without decryption also theoretically impossible?
Did Darth Vader wear the same suit for 20+ years?
What does War Machine's "Canopy! Canopy!" line mean in "Avengers: Endgame"?
Humans meet a distant alien species. How do they standardize? - Units of Measure
Anyone teach web development? How do you assess it?
Old black and white movie: glowing black rocks slowly turn you into stone upon touch
Is having a hidden directory under /etc safe?
Unorthodox way of solving Einstein field equations
Is American Express widely accepted in France?
The term for the person/group a political party aligns themselves with to appear concerned about the general public
Strange math syntax in old basic listing
Will TSA allow me to carry a Continuous Positive Airway Pressure (CPAP) device?
How to decline physical affection from a child whose parents are pressuring them?
You've spoiled/damaged the card
When leasing/renting out an owned property, is there a standard ratio between monthly rent and the mortgage?
If a problem only occurs randomly once in every N times on average, how many tests do I have to perform to be certain that it's now fixed?
Can you please explain this joke: "I'm going bananas is what I tell my bananas before I leave the house"?
Unconventional Opposites
How do I convert a ssh-keygen public key into a format that openssl PEM_read_bio_RSA_PUBKEY() function will consume?
RSA 2048 keypair generation: via openssl 0.5s via gpg 30s, why the difference?SSH via cert-authoritylarge file encryption with ssh's RSA key pair?Can't SSH into localhostDoes Gnome Keyring support new-format OpenSSH private keys?Convert EC Public Key from SubjectPublicKeyInfo form into “traditional” formSSH publickey login permission denied on CENTOS But not on DebianHow to store RSA-4096 SSH key in OpenSSH's new key formatshow values of an ed22519 private key stored in OpenSSH formatCan openssl convert SSH public key to a PEM file without private key?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}
I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.
Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.
Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"
I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.
The Openssl documentation states:
- “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”
- “RSA_PUBKEY functions also process an RSA public key using an RSA structure”
How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?
openssh openssl
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
asked Dec 15 '11 at 21:38
PetePPeteP
201133
add a comment |
I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.
Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.
Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"
I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.
The Openssl documentation states:
- “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”
- “RSA_PUBKEY functions also process an RSA public key using an RSA structure”
How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?
openssh openssl
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
asked Dec 15 '11 at 21:38
PetePPeteP
201133
Figured this out: use the openssl tool only as such:
– PeteP
Dec 16 '11 at 23:17
Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key
– PeteP
Dec 16 '11 at 23:19
add a comment |
I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.
Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.
Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"
I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.
The Openssl documentation states:
- “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”
- “RSA_PUBKEY functions also process an RSA public key using an RSA structure”
How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?
openssh openssl
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
asked Dec 15 '11 at 21:38
PetePPeteP
201133
I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.
Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.
Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"
I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.
The Openssl documentation states:
- “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”
- “RSA_PUBKEY functions also process an RSA public key using an RSA structure”
How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?
openssh openssl
openssh openssl
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
asked Dec 15 '11 at 21:38
PetePPeteP
201133
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
asked Dec 15 '11 at 21:38
PetePPeteP
201133
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
edited Dec 16 '11 at 8:21
Gilles
556k13411421651
556k13411421651
asked Dec 15 '11 at 21:38
PetePPeteP
201133
asked Dec 15 '11 at 21:38
PetePPeteP
201133
asked Dec 15 '11 at 21:38
PetePPeteP
201133
201133
Figured this out: use the openssl tool only as such:
– PeteP
Dec 16 '11 at 23:17
Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key
– PeteP
Dec 16 '11 at 23:19
add a comment |
Figured this out: use the openssl tool only as such:
– PeteP
Dec 16 '11 at 23:17
Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key
– PeteP
Dec 16 '11 at 23:19
Figured this out: use the openssl tool only as such:
– PeteP
Dec 16 '11 at 23:17
Figured this out: use the openssl tool only as such:
– PeteP
Dec 16 '11 at 23:17
Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key
– PeteP
Dec 16 '11 at 23:19
Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key
– PeteP
Dec 16 '11 at 23:19
add a comment |
5 Answers
5
active
oldest
votes
OK!
So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.
So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).
If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:
ssh-keygen -f key.pub -e -m pkcs8
The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.
Fortunately for you, someone wrote the code to do this:
https://gist.github.com/1024558
edited 48 mins ago
Jay Taylor
1327
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
9
Thessh-keygenmethod seems to work on Linux but not Mac OS X.
– lid
Mar 16 '14 at 18:32
3
Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the commandssh -V.
– Brian Redbeard
Jun 5 '14 at 15:53
3
Doesn't work inOpenSSH_6.2p2. Does work inOpenSSH_6.6p1.
– Old Pro
Sep 23 '14 at 22:30
-mdoesn't work for me ... what is the work around?
– pstanton
Jun 14 '16 at 5:49
add a comment |
Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:
openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem
I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.
Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:
openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
Thanks, the -pubout from the private key did the trick for me.
– Shaun Dewberry
Oct 26 '16 at 10:26
openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pemalso work (i.e. input is pem format private key). Good answer.
– Johnny Wong
Dec 21 '17 at 10:20
add a comment |
The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:
ssh-keygen -f key.pub -e -m pkcs8
From the ssh-keygen man page:
-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.
edited Oct 19 '17 at 19:15
slm♦
260k72558706
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
This one actually works on both Linux and macOS.
– Jay Taylor
9 hours ago
add a comment |
Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
this doesn't actually seem to work.
– outside2344
Oct 17 '14 at 21:51
5
This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.
– Devy
Jun 11 '15 at 20:02
3
Actually,id_rsaalready is in the right format, you can check it out by yourself, the resultingid_rsa.pemis 100% identical.
– Miro Kropacek
Jan 27 '17 at 4:13
add a comment |
Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html
openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem
edited Jan 20 '13 at 21:40
Thor
12.4k13963
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
That method doesn't seem to actually work.
– Sean
Apr 5 '13 at 18:41
7
id_rsais not a public key. Wrong answer.
– Ahmet Alp Balkan
Apr 7 '15 at 21:34
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f26924%2fhow-do-i-convert-a-ssh-keygen-public-key-into-a-format-that-openssl-pem-read-bio%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
OK!
So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.
So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).
If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:
ssh-keygen -f key.pub -e -m pkcs8
The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.
Fortunately for you, someone wrote the code to do this:
https://gist.github.com/1024558
edited 48 mins ago
Jay Taylor
1327
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
9
Thessh-keygenmethod seems to work on Linux but not Mac OS X.
– lid
Mar 16 '14 at 18:32
3
Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the commandssh -V.
– Brian Redbeard
Jun 5 '14 at 15:53
3
Doesn't work inOpenSSH_6.2p2. Does work inOpenSSH_6.6p1.
– Old Pro
Sep 23 '14 at 22:30
-mdoesn't work for me ... what is the work around?
– pstanton
Jun 14 '16 at 5:49
add a comment |
OK!
So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.
So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).
If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:
ssh-keygen -f key.pub -e -m pkcs8
The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.
Fortunately for you, someone wrote the code to do this:
https://gist.github.com/1024558
edited 48 mins ago
Jay Taylor
1327
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
9
Thessh-keygenmethod seems to work on Linux but not Mac OS X.
– lid
Mar 16 '14 at 18:32
3
Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the commandssh -V.
– Brian Redbeard
Jun 5 '14 at 15:53
3
Doesn't work inOpenSSH_6.2p2. Does work inOpenSSH_6.6p1.
– Old Pro
Sep 23 '14 at 22:30
-mdoesn't work for me ... what is the work around?
– pstanton
Jun 14 '16 at 5:49
add a comment |
OK!
So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.
So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).
If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:
ssh-keygen -f key.pub -e -m pkcs8
The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.
Fortunately for you, someone wrote the code to do this:
https://gist.github.com/1024558
edited 48 mins ago
Jay Taylor
1327
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
OK!
So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.
So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).
If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:
ssh-keygen -f key.pub -e -m pkcs8
The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.
Fortunately for you, someone wrote the code to do this:
https://gist.github.com/1024558
edited 48 mins ago
Jay Taylor
1327
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
edited 48 mins ago
Jay Taylor
1327
edited 48 mins ago
Jay Taylor
1327
edited 48 mins ago
Jay Taylor
1327
1327
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
answered Jan 26 '12 at 15:25
Brian RedbeardBrian Redbeard
1,721930
1,721930
9
Thessh-keygenmethod seems to work on Linux but not Mac OS X.
– lid
Mar 16 '14 at 18:32
3
Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the commandssh -V.
– Brian Redbeard
Jun 5 '14 at 15:53
3
Doesn't work inOpenSSH_6.2p2. Does work inOpenSSH_6.6p1.
– Old Pro
Sep 23 '14 at 22:30
-mdoesn't work for me ... what is the work around?
– pstanton
Jun 14 '16 at 5:49
add a comment |
9
Thessh-keygenmethod seems to work on Linux but not Mac OS X.
– lid
Mar 16 '14 at 18:32
3
Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the commandssh -V.
– Brian Redbeard
Jun 5 '14 at 15:53
3
Doesn't work inOpenSSH_6.2p2. Does work inOpenSSH_6.6p1.
– Old Pro
Sep 23 '14 at 22:30
-mdoesn't work for me ... what is the work around?
– pstanton
Jun 14 '16 at 5:49
9
9
The
ssh-keygen method seems to work on Linux but not Mac OS X.– lid
Mar 16 '14 at 18:32
The
ssh-keygen method seems to work on Linux but not Mac OS X.– lid
Mar 16 '14 at 18:32
3
3
Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command
ssh -V.– Brian Redbeard
Jun 5 '14 at 15:53
Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command
ssh -V.– Brian Redbeard
Jun 5 '14 at 15:53
3
3
Doesn't work in
OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.– Old Pro
Sep 23 '14 at 22:30
Doesn't work in
OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.– Old Pro
Sep 23 '14 at 22:30
-m doesn't work for me ... what is the work around?– pstanton
Jun 14 '16 at 5:49
-m doesn't work for me ... what is the work around?– pstanton
Jun 14 '16 at 5:49
add a comment |
Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:
openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem
I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.
Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:
openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
Thanks, the -pubout from the private key did the trick for me.
– Shaun Dewberry
Oct 26 '16 at 10:26
openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pemalso work (i.e. input is pem format private key). Good answer.
– Johnny Wong
Dec 21 '17 at 10:20
add a comment |
Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:
openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem
I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.
Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:
openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
Thanks, the -pubout from the private key did the trick for me.
– Shaun Dewberry
Oct 26 '16 at 10:26
openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pemalso work (i.e. input is pem format private key). Good answer.
– Johnny Wong
Dec 21 '17 at 10:20
add a comment |
Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:
openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem
I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.
Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:
openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:
openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem
I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.
Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:
openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
answered Sep 16 '16 at 13:19
shawkinawshawkinaw
28024
28024
Thanks, the -pubout from the private key did the trick for me.
– Shaun Dewberry
Oct 26 '16 at 10:26
openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pemalso work (i.e. input is pem format private key). Good answer.
– Johnny Wong
Dec 21 '17 at 10:20
add a comment |
Thanks, the -pubout from the private key did the trick for me.
– Shaun Dewberry
Oct 26 '16 at 10:26
openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pemalso work (i.e. input is pem format private key). Good answer.
– Johnny Wong
Dec 21 '17 at 10:20
Thanks, the -pubout from the private key did the trick for me.
– Shaun Dewberry
Oct 26 '16 at 10:26
Thanks, the -pubout from the private key did the trick for me.
– Shaun Dewberry
Oct 26 '16 at 10:26
openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.– Johnny Wong
Dec 21 '17 at 10:20
openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.– Johnny Wong
Dec 21 '17 at 10:20
add a comment |
The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:
ssh-keygen -f key.pub -e -m pkcs8
From the ssh-keygen man page:
-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.
edited Oct 19 '17 at 19:15
slm♦
260k72558706
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
This one actually works on both Linux and macOS.
– Jay Taylor
9 hours ago
add a comment |
The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:
ssh-keygen -f key.pub -e -m pkcs8
From the ssh-keygen man page:
-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.
edited Oct 19 '17 at 19:15
slm♦
260k72558706
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
This one actually works on both Linux and macOS.
– Jay Taylor
9 hours ago
add a comment |
The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:
ssh-keygen -f key.pub -e -m pkcs8
From the ssh-keygen man page:
-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.
edited Oct 19 '17 at 19:15
slm♦
260k72558706
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:
ssh-keygen -f key.pub -e -m pkcs8
From the ssh-keygen man page:
-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.
edited Oct 19 '17 at 19:15
slm♦
260k72558706
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
edited Oct 19 '17 at 19:15
slm♦
260k72558706
edited Oct 19 '17 at 19:15
slm♦
260k72558706
edited Oct 19 '17 at 19:15
slm♦
260k72558706
260k72558706
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
answered Apr 13 '17 at 5:25
Aaron MeriwetherAaron Meriwether
9111
9111
This one actually works on both Linux and macOS.
– Jay Taylor
9 hours ago
add a comment |
This one actually works on both Linux and macOS.
– Jay Taylor
9 hours ago
This one actually works on both Linux and macOS.
– Jay Taylor
9 hours ago
This one actually works on both Linux and macOS.
– Jay Taylor
9 hours ago
add a comment |
Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
this doesn't actually seem to work.
– outside2344
Oct 17 '14 at 21:51
5
This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.
– Devy
Jun 11 '15 at 20:02
3
Actually,id_rsaalready is in the right format, you can check it out by yourself, the resultingid_rsa.pemis 100% identical.
– Miro Kropacek
Jan 27 '17 at 4:13
add a comment |
Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
this doesn't actually seem to work.
– outside2344
Oct 17 '14 at 21:51
5
This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.
– Devy
Jun 11 '15 at 20:02
3
Actually,id_rsaalready is in the right format, you can check it out by yourself, the resultingid_rsa.pemis 100% identical.
– Miro Kropacek
Jan 27 '17 at 4:13
add a comment |
Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
edited Jul 1 '14 at 18:56
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
answered Jul 1 '14 at 18:51
l3e0wu1fl3e0wu1f
9312
9312
this doesn't actually seem to work.
– outside2344
Oct 17 '14 at 21:51
5
This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.
– Devy
Jun 11 '15 at 20:02
3
Actually,id_rsaalready is in the right format, you can check it out by yourself, the resultingid_rsa.pemis 100% identical.
– Miro Kropacek
Jan 27 '17 at 4:13
add a comment |
this doesn't actually seem to work.
– outside2344
Oct 17 '14 at 21:51
5
This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.
– Devy
Jun 11 '15 at 20:02
3
Actually,id_rsaalready is in the right format, you can check it out by yourself, the resultingid_rsa.pemis 100% identical.
– Miro Kropacek
Jan 27 '17 at 4:13
this doesn't actually seem to work.
– outside2344
Oct 17 '14 at 21:51
this doesn't actually seem to work.
– outside2344
Oct 17 '14 at 21:51
5
5
This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.
– Devy
Jun 11 '15 at 20:02
This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.
– Devy
Jun 11 '15 at 20:02
3
3
Actually,
id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.– Miro Kropacek
Jan 27 '17 at 4:13
Actually,
id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.– Miro Kropacek
Jan 27 '17 at 4:13
add a comment |
Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html
openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem
edited Jan 20 '13 at 21:40
Thor
12.4k13963
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
That method doesn't seem to actually work.
– Sean
Apr 5 '13 at 18:41
7
id_rsais not a public key. Wrong answer.
– Ahmet Alp Balkan
Apr 7 '15 at 21:34
add a comment |
Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html
openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem
edited Jan 20 '13 at 21:40
Thor
12.4k13963
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
That method doesn't seem to actually work.
– Sean
Apr 5 '13 at 18:41
7
id_rsais not a public key. Wrong answer.
– Ahmet Alp Balkan
Apr 7 '15 at 21:34
add a comment |
Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html
openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem
edited Jan 20 '13 at 21:40
Thor
12.4k13963
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html
openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem
edited Jan 20 '13 at 21:40
Thor
12.4k13963
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
edited Jan 20 '13 at 21:40
Thor
12.4k13963
edited Jan 20 '13 at 21:40
Thor
12.4k13963
edited Jan 20 '13 at 21:40
Thor
12.4k13963
12.4k13963
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
answered Jan 20 '13 at 20:46
Amal ChaudhuriAmal Chaudhuri
1
1
That method doesn't seem to actually work.
– Sean
Apr 5 '13 at 18:41
7
id_rsais not a public key. Wrong answer.
– Ahmet Alp Balkan
Apr 7 '15 at 21:34
add a comment |
That method doesn't seem to actually work.
– Sean
Apr 5 '13 at 18:41
7
id_rsais not a public key. Wrong answer.
– Ahmet Alp Balkan
Apr 7 '15 at 21:34
That method doesn't seem to actually work.
– Sean
Apr 5 '13 at 18:41
That method doesn't seem to actually work.
– Sean
Apr 5 '13 at 18:41
7
7
id_rsa is not a public key. Wrong answer.– Ahmet Alp Balkan
Apr 7 '15 at 21:34
id_rsa is not a public key. Wrong answer.– Ahmet Alp Balkan
Apr 7 '15 at 21:34
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f26924%2fhow-do-i-convert-a-ssh-keygen-public-key-into-a-format-that-openssl-pem-read-bio%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Figured this out: use the openssl tool only as such:
– PeteP
Dec 16 '11 at 23:17
Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key
– PeteP
Dec 16 '11 at 23:19