How do I convert a ssh-keygen public key into a format that openssl PEM_read_bio_RSA_PUBKEY() function will...

Will dual-learning in a glider make my airplane learning safer?

Restoring order in a deck of playing cards (II)

Is it possible to kill all life on Earth?

What if you don't bring your credit card or debit for incidentals?

Why is Colorado so different politically from nearby states?

How should I push back against my job assigning "homework"?

Is the decompression of compressed and encrypted data without decryption also theoretically impossible?

Did Darth Vader wear the same suit for 20+ years?

What does War Machine's "Canopy! Canopy!" line mean in "Avengers: Endgame"?

Humans meet a distant alien species. How do they standardize? - Units of Measure

Anyone teach web development? How do you assess it?

Old black and white movie: glowing black rocks slowly turn you into stone upon touch

Is having a hidden directory under /etc safe?

Unorthodox way of solving Einstein field equations

Is American Express widely accepted in France?

The term for the person/group a political party aligns themselves with to appear concerned about the general public

Strange math syntax in old basic listing

Will TSA allow me to carry a Continuous Positive Airway Pressure (CPAP) device?

How to decline physical affection from a child whose parents are pressuring them?

You've spoiled/damaged the card

When leasing/renting out an owned property, is there a standard ratio between monthly rent and the mortgage?

If a problem only occurs randomly once in every N times on average, how many tests do I have to perform to be certain that it's now fixed?

Can you please explain this joke: "I'm going bananas is what I tell my bananas before I leave the house"?

Unconventional Opposites



How do I convert a ssh-keygen public key into a format that openssl PEM_read_bio_RSA_PUBKEY() function will consume?


RSA 2048 keypair generation: via openssl 0.5s via gpg 30s, why the difference?SSH via cert-authoritylarge file encryption with ssh's RSA key pair?Can't SSH into localhostDoes Gnome Keyring support new-format OpenSSH private keys?Convert EC Public Key from SubjectPublicKeyInfo form into “traditional” formSSH publickey login permission denied on CENTOS But not on DebianHow to store RSA-4096 SSH key in OpenSSH's new key formatshow values of an ed22519 private key stored in OpenSSH formatCan openssl convert SSH public key to a PEM file without private key?






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







40















I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.



Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.



Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"



I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.



The Openssl documentation states:




  1. “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”

  2. “RSA_PUBKEY functions also process an RSA public key using an RSA structure”


How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?










share|improve this question

























  • Figured this out: use the openssl tool only as such:

    – PeteP
    Dec 16 '11 at 23:17











  • Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key

    – PeteP
    Dec 16 '11 at 23:19


















40















I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.



Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.



Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"



I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.



The Openssl documentation states:




  1. “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”

  2. “RSA_PUBKEY functions also process an RSA public key using an RSA structure”


How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?










share|improve this question

























  • Figured this out: use the openssl tool only as such:

    – PeteP
    Dec 16 '11 at 23:17











  • Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key

    – PeteP
    Dec 16 '11 at 23:19














40












40








40


17






I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.



Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.



Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"



I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.



The Openssl documentation states:




  1. “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”

  2. “RSA_PUBKEY functions also process an RSA public key using an RSA structure”


How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?










share|improve this question
















I'm having an issue generating a public key that the openssl PEM_read_bio_RSA_PUBKEY() function can consume. I keep getting errors.



Obviously I cannot simply use the ASCII string in the ssh-keygen <>.pub key file as it is in SSH file format or I perhaps SubjectPublicKeyInfo structure.



Here's the key gen code: ssh-keygen -t rsa -b 1024 -C "Test Key"



I found a converter in php on the web which will convert the contents of the public key into a base64 PEM ASCII string format. However the function still doesn't like it.



The Openssl documentation states:




  1. “RSA_PUBKEY() function which process a public key using an EVP_PKEY structure”

  2. “RSA_PUBKEY functions also process an RSA public key using an RSA structure”


How do I get my OpenSSH public key into either format that the OpenSSL function will consume it?







openssh openssl






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Dec 16 '11 at 8:21









Gilles

556k13411421651




556k13411421651










asked Dec 15 '11 at 21:38









PetePPeteP

201133




201133













  • Figured this out: use the openssl tool only as such:

    – PeteP
    Dec 16 '11 at 23:17











  • Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key

    – PeteP
    Dec 16 '11 at 23:19



















  • Figured this out: use the openssl tool only as such:

    – PeteP
    Dec 16 '11 at 23:17











  • Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key

    – PeteP
    Dec 16 '11 at 23:19

















Figured this out: use the openssl tool only as such:

– PeteP
Dec 16 '11 at 23:17





Figured this out: use the openssl tool only as such:

– PeteP
Dec 16 '11 at 23:17













Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key

– PeteP
Dec 16 '11 at 23:19





Create Private key: openssl genrsa -out test.priv.key 2048; Output Public key in same format (PEM?): openssl rsa -in test.priv.key -pubout -out test.pub.key

– PeteP
Dec 16 '11 at 23:19










5 Answers
5






active

oldest

votes


















47














OK!



So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.



So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).



If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:



ssh-keygen -f key.pub -e -m pkcs8


The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.



Fortunately for you, someone wrote the code to do this:



https://gist.github.com/1024558






share|improve this answer





















  • 9





    The ssh-keygen method seems to work on Linux but not Mac OS X.

    – lid
    Mar 16 '14 at 18:32






  • 3





    Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command ssh -V.

    – Brian Redbeard
    Jun 5 '14 at 15:53






  • 3





    Doesn't work in OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.

    – Old Pro
    Sep 23 '14 at 22:30











  • -m doesn't work for me ... what is the work around?

    – pstanton
    Jun 14 '16 at 5:49



















16














Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:



openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem


I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.



Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:



openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem





share|improve this answer
























  • Thanks, the -pubout from the private key did the trick for me.

    – Shaun Dewberry
    Oct 26 '16 at 10:26











  • openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.

    – Johnny Wong
    Dec 21 '17 at 10:20





















9














The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:



ssh-keygen -f key.pub -e -m pkcs8


From the ssh-keygen man page:



-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.





share|improve this answer


























  • This one actually works on both Linux and macOS.

    – Jay Taylor
    9 hours ago



















6














Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).



openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem





share|improve this answer


























  • this doesn't actually seem to work.

    – outside2344
    Oct 17 '14 at 21:51






  • 5





    This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.

    – Devy
    Jun 11 '15 at 20:02






  • 3





    Actually, id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.

    – Miro Kropacek
    Jan 27 '17 at 4:13



















-2














Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html



openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem





share|improve this answer


























  • That method doesn't seem to actually work.

    – Sean
    Apr 5 '13 at 18:41






  • 7





    id_rsa is not a public key. Wrong answer.

    – Ahmet Alp Balkan
    Apr 7 '15 at 21:34












Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f26924%2fhow-do-i-convert-a-ssh-keygen-public-key-into-a-format-that-openssl-pem-read-bio%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























5 Answers
5






active

oldest

votes








5 Answers
5






active

oldest

votes









active

oldest

votes






active

oldest

votes









47














OK!



So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.



So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).



If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:



ssh-keygen -f key.pub -e -m pkcs8


The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.



Fortunately for you, someone wrote the code to do this:



https://gist.github.com/1024558






share|improve this answer





















  • 9





    The ssh-keygen method seems to work on Linux but not Mac OS X.

    – lid
    Mar 16 '14 at 18:32






  • 3





    Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command ssh -V.

    – Brian Redbeard
    Jun 5 '14 at 15:53






  • 3





    Doesn't work in OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.

    – Old Pro
    Sep 23 '14 at 22:30











  • -m doesn't work for me ... what is the work around?

    – pstanton
    Jun 14 '16 at 5:49
















47














OK!



So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.



So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).



If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:



ssh-keygen -f key.pub -e -m pkcs8


The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.



Fortunately for you, someone wrote the code to do this:



https://gist.github.com/1024558






share|improve this answer





















  • 9





    The ssh-keygen method seems to work on Linux but not Mac OS X.

    – lid
    Mar 16 '14 at 18:32






  • 3





    Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command ssh -V.

    – Brian Redbeard
    Jun 5 '14 at 15:53






  • 3





    Doesn't work in OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.

    – Old Pro
    Sep 23 '14 at 22:30











  • -m doesn't work for me ... what is the work around?

    – pstanton
    Jun 14 '16 at 5:49














47












47








47







OK!



So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.



So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).



If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:



ssh-keygen -f key.pub -e -m pkcs8


The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.



Fortunately for you, someone wrote the code to do this:



https://gist.github.com/1024558






share|improve this answer















OK!



So I walked into this thinking "Easy, I got this." Turns out there's a whole lot more to it than even I thought.



So the first issue is that (according to the man pages for OpenSSL (man 3 pem)), OpenSSL is expecting the RSA key to be in PKCS#1 format. Clearly this isn't what ssh-keygen is working with. You have two options (from searching around).



If you have OpenSSH v. 5.6 or later (I did not on my laptop), you can run this:



ssh-keygen -f key.pub -e -m pkcs8


The longer method of doing this is to break apart your SSH key into it's various components (the blog entry I found some of this in accuses OpenSSH of being "proprietary", I prefer to call it "unique") and then use an ASN1 library to swap things around.



Fortunately for you, someone wrote the code to do this:



https://gist.github.com/1024558







share|improve this answer














share|improve this answer



share|improve this answer








edited 48 mins ago









Jay Taylor

1327




1327










answered Jan 26 '12 at 15:25









Brian RedbeardBrian Redbeard

1,721930




1,721930








  • 9





    The ssh-keygen method seems to work on Linux but not Mac OS X.

    – lid
    Mar 16 '14 at 18:32






  • 3





    Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command ssh -V.

    – Brian Redbeard
    Jun 5 '14 at 15:53






  • 3





    Doesn't work in OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.

    – Old Pro
    Sep 23 '14 at 22:30











  • -m doesn't work for me ... what is the work around?

    – pstanton
    Jun 14 '16 at 5:49














  • 9





    The ssh-keygen method seems to work on Linux but not Mac OS X.

    – lid
    Mar 16 '14 at 18:32






  • 3





    Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command ssh -V.

    – Brian Redbeard
    Jun 5 '14 at 15:53






  • 3





    Doesn't work in OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.

    – Old Pro
    Sep 23 '14 at 22:30











  • -m doesn't work for me ... what is the work around?

    – pstanton
    Jun 14 '16 at 5:49








9




9





The ssh-keygen method seems to work on Linux but not Mac OS X.

– lid
Mar 16 '14 at 18:32





The ssh-keygen method seems to work on Linux but not Mac OS X.

– lid
Mar 16 '14 at 18:32




3




3





Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command ssh -V.

– Brian Redbeard
Jun 5 '14 at 15:53





Lid, see the note in the answer about SSH version. OS X doesn't ship a recent version of OpenSSH. Run the command ssh -V.

– Brian Redbeard
Jun 5 '14 at 15:53




3




3





Doesn't work in OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.

– Old Pro
Sep 23 '14 at 22:30





Doesn't work in OpenSSH_6.2p2. Does work in OpenSSH_6.6p1.

– Old Pro
Sep 23 '14 at 22:30













-m doesn't work for me ... what is the work around?

– pstanton
Jun 14 '16 at 5:49





-m doesn't work for me ... what is the work around?

– pstanton
Jun 14 '16 at 5:49













16














Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:



openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem


I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.



Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:



openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem





share|improve this answer
























  • Thanks, the -pubout from the private key did the trick for me.

    – Shaun Dewberry
    Oct 26 '16 at 10:26











  • openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.

    – Johnny Wong
    Dec 21 '17 at 10:20


















16














Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:



openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem


I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.



Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:



openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem





share|improve this answer
























  • Thanks, the -pubout from the private key did the trick for me.

    – Shaun Dewberry
    Oct 26 '16 at 10:26











  • openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.

    – Johnny Wong
    Dec 21 '17 at 10:20
















16












16








16







Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:



openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem


I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.



Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:



openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem





share|improve this answer













Assuming you have the SSH private key id_rsa, you can extract the public key from it like so:



openssl rsa -in id_rsa -pubout -out id_rsa.pub.pem


I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway.



Note also that this command results in a PEM public key format, which is generally what OpenSSL expects. The answer by Brian, on the other hand, results in a file in RSAPublicKey format, which is not the normal format expected by OpenSSL (though later versions can apparently read it via the -RSAPublicKey_in flag). To convert you can do this:



openssl rsa -RSAPublicKey_in -in id_rsa.rsapub.pem -pubout -out id_rsa.pub.pem






share|improve this answer












share|improve this answer



share|improve this answer










answered Sep 16 '16 at 13:19









shawkinawshawkinaw

28024




28024













  • Thanks, the -pubout from the private key did the trick for me.

    – Shaun Dewberry
    Oct 26 '16 at 10:26











  • openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.

    – Johnny Wong
    Dec 21 '17 at 10:20





















  • Thanks, the -pubout from the private key did the trick for me.

    – Shaun Dewberry
    Oct 26 '16 at 10:26











  • openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.

    – Johnny Wong
    Dec 21 '17 at 10:20



















Thanks, the -pubout from the private key did the trick for me.

– Shaun Dewberry
Oct 26 '16 at 10:26





Thanks, the -pubout from the private key did the trick for me.

– Shaun Dewberry
Oct 26 '16 at 10:26













openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.

– Johnny Wong
Dec 21 '17 at 10:20







openssl rsa -in id_rsa.pem -pubout -out id_rsa.pub.pem also work (i.e. input is pem format private key). Good answer.

– Johnny Wong
Dec 21 '17 at 10:20













9














The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:



ssh-keygen -f key.pub -e -m pkcs8


From the ssh-keygen man page:



-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.





share|improve this answer


























  • This one actually works on both Linux and macOS.

    – Jay Taylor
    9 hours ago
















9














The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:



ssh-keygen -f key.pub -e -m pkcs8


From the ssh-keygen man page:



-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.





share|improve this answer


























  • This one actually works on both Linux and macOS.

    – Jay Taylor
    9 hours ago














9












9








9







The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:



ssh-keygen -f key.pub -e -m pkcs8


From the ssh-keygen man page:



-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.





share|improve this answer















The format you want is what ssh-keygen calls PKCS8. So the following command will produce the desired output:



ssh-keygen -f key.pub -e -m pkcs8


From the ssh-keygen man page:



-m key_format
Specify a key format for the -i (import) or -e (export) conversion
options. The supported key formats are:
``RFC4716'' (RFC 4716/SSH2 public or private key),
``PKCS8'' (PEM PKCS8 public key) or
``PEM'' (PEM public key).
The default conversion format is ``RFC4716''.






share|improve this answer














share|improve this answer



share|improve this answer








edited Oct 19 '17 at 19:15









slm

260k72558706




260k72558706










answered Apr 13 '17 at 5:25









Aaron MeriwetherAaron Meriwether

9111




9111













  • This one actually works on both Linux and macOS.

    – Jay Taylor
    9 hours ago



















  • This one actually works on both Linux and macOS.

    – Jay Taylor
    9 hours ago

















This one actually works on both Linux and macOS.

– Jay Taylor
9 hours ago





This one actually works on both Linux and macOS.

– Jay Taylor
9 hours ago











6














Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).



openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem





share|improve this answer


























  • this doesn't actually seem to work.

    – outside2344
    Oct 17 '14 at 21:51






  • 5





    This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.

    – Devy
    Jun 11 '15 at 20:02






  • 3





    Actually, id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.

    – Miro Kropacek
    Jan 27 '17 at 4:13
















6














Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).



openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem





share|improve this answer


























  • this doesn't actually seem to work.

    – outside2344
    Oct 17 '14 at 21:51






  • 5





    This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.

    – Devy
    Jun 11 '15 at 20:02






  • 3





    Actually, id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.

    – Miro Kropacek
    Jan 27 '17 at 4:13














6












6








6







Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).



openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem





share|improve this answer















Similar to Amal Chaudhuri's method below, this is what worked for me. I needed to create a pem file from the ssh public key I'd generated for my SFTP client (Cyberduck).



openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem






share|improve this answer














share|improve this answer



share|improve this answer








edited Jul 1 '14 at 18:56

























answered Jul 1 '14 at 18:51









l3e0wu1fl3e0wu1f

9312




9312













  • this doesn't actually seem to work.

    – outside2344
    Oct 17 '14 at 21:51






  • 5





    This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.

    – Devy
    Jun 11 '15 at 20:02






  • 3





    Actually, id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.

    – Miro Kropacek
    Jan 27 '17 at 4:13



















  • this doesn't actually seem to work.

    – outside2344
    Oct 17 '14 at 21:51






  • 5





    This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.

    – Devy
    Jun 11 '15 at 20:02






  • 3





    Actually, id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.

    – Miro Kropacek
    Jan 27 '17 at 4:13

















this doesn't actually seem to work.

– outside2344
Oct 17 '14 at 21:51





this doesn't actually seem to work.

– outside2344
Oct 17 '14 at 21:51




5




5





This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.

– Devy
Jun 11 '15 at 20:02





This ONLY works for private RSA key NOT the public key OP was asking. So wrong answer.

– Devy
Jun 11 '15 at 20:02




3




3





Actually, id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.

– Miro Kropacek
Jan 27 '17 at 4:13





Actually, id_rsa already is in the right format, you can check it out by yourself, the resulting id_rsa.pem is 100% identical.

– Miro Kropacek
Jan 27 '17 at 4:13











-2














Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html



openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem





share|improve this answer


























  • That method doesn't seem to actually work.

    – Sean
    Apr 5 '13 at 18:41






  • 7





    id_rsa is not a public key. Wrong answer.

    – Ahmet Alp Balkan
    Apr 7 '15 at 21:34
















-2














Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html



openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem





share|improve this answer


























  • That method doesn't seem to actually work.

    – Sean
    Apr 5 '13 at 18:41






  • 7





    id_rsa is not a public key. Wrong answer.

    – Ahmet Alp Balkan
    Apr 7 '15 at 21:34














-2












-2








-2







Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html



openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem





share|improve this answer















Another way to do this from another site. Posting this in case you need another method. Works very well.
http://www.chatur.com.np/2011/01/convert-openssh-rsa-key-to-pem-format.html



openssl dsa -in ~/.ssh/id_dsa -outform pem > id_dsa.pem






share|improve this answer














share|improve this answer



share|improve this answer








edited Jan 20 '13 at 21:40









Thor

12.4k13963




12.4k13963










answered Jan 20 '13 at 20:46









Amal ChaudhuriAmal Chaudhuri

1




1













  • That method doesn't seem to actually work.

    – Sean
    Apr 5 '13 at 18:41






  • 7





    id_rsa is not a public key. Wrong answer.

    – Ahmet Alp Balkan
    Apr 7 '15 at 21:34



















  • That method doesn't seem to actually work.

    – Sean
    Apr 5 '13 at 18:41






  • 7





    id_rsa is not a public key. Wrong answer.

    – Ahmet Alp Balkan
    Apr 7 '15 at 21:34

















That method doesn't seem to actually work.

– Sean
Apr 5 '13 at 18:41





That method doesn't seem to actually work.

– Sean
Apr 5 '13 at 18:41




7




7





id_rsa is not a public key. Wrong answer.

– Ahmet Alp Balkan
Apr 7 '15 at 21:34





id_rsa is not a public key. Wrong answer.

– Ahmet Alp Balkan
Apr 7 '15 at 21:34


















draft saved

draft discarded




















































Thanks for contributing an answer to Unix & Linux Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f26924%2fhow-do-i-convert-a-ssh-keygen-public-key-into-a-format-that-openssl-pem-read-bio%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Taj Mahal Inhaltsverzeichnis Aufbau | Geschichte | 350-Jahr-Feier | Heutige Bedeutung | Siehe auch |...

Baia Sprie Cuprins Etimologie | Istorie | Demografie | Politică și administrație | Arii naturale...

Nicolae Petrescu-Găină Cuprins Biografie | Opera | In memoriam | Varia | Controverse, incertitudini...