PKCS1/PKCS8 encodings #2

Open
epoberezkin opened this issue Oct 15, 2021 · 3 comments

@epoberezkin

Are you planning to add it?

I mean this probably:

} else if (block.label == 'RSA PRIVATE KEY') {

I might be wrong, I think most libraries refer to it as PKCS8?

I could try to add... rsa_pkcs has these implementations but it's much more permissive on parsing, it does not validate ASN1 sequences.

@hoylen
Owner

hoylen commented Oct 15, 2021

It depends on what you really mean by "PKCS#8".

It might support it already. From the README, it does support this:

Textual encoding of subjectPublicKeyInfo from X.509 (OpenSSH incorrectly calls this "PKCS #8")

The real "PKCS #8" is a format for storing private keys (e.g. see the Wikipedia article on PKCS#8). But you might be referring to the misnamed format that is used for public keys.

Can you provide an example file, of the particular "PKCS#8" you mean? (Obviously, not a private key used in production!)

Thanks.

Hoylen

@epoberezkin changed the title from "PKCS8 encoding" to "PKCS1/PKCS8 encodings" on Oct 16, 2021

@epoberezkin
Author

epoberezkin commented Oct 16, 2021

Hi - this is an example key (it's PKCS1):

I've unpicked the implementation of rsa_pkcs to do decoding via ASN1, but it's more permissive as I said, and it doesn't have encoding - yet to do... Also your docs say PKCS1 is supported here, so probably worth adding - it shouldn't be too difficult (there is even a commented out test:)...

@hoylen
Owner

hoylen commented Oct 18, 2021

Yes, that is a PKCS#1 private key. For ssh_key to be able to parse it, you'll need to add a -----BEGIN RSA PRIVATE KEY----- header line and the corresponding -----END RSA PRIVATE KEY----- footer line. It is definitely not PKCS#8 (neither real PKCS#8 nor what OpenSSH incorrectly calls PKCS#8).

I've made some experimental changes to the code to better support PKCS#1 private keys. It is very strict about both the ASN.1 and the numbers in it (i.e. the RSA modulus, exponents and primes must all be correct RSA values).

Try the 0.8.0-beta code from the "rsa-private" branch in GitHub, and let me know if that works. Private key support is still very experimental. Partially because the formats are not well documented, because the interoperability/exchange of private keys wasn't a priority for implementations.

Use something like this in your pubspec.yaml:

dependencies:
  ssh_key:
    git:
      url: https://github.com/hoylen/ssh_key.git
      ref: rsa-private
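
The contrast discussed in this thread (permissive parsing versus being strict about both the ASN.1 and the RSA numbers), shown as an added Python example that is not part of the thread and is not code from ssh_key or rsa_pkcs. The function names and the toy key are constructed for illustration, and it assumes a two-prime PKCS#1 key (version 0).

```python
import math

# Constructed toy key (p=61, q=53, e=17, d=2753) as DER; sample data, not from the thread.
SAMPLE_DER = bytes.fromhex("301d 020100 02020ca1 020111 02020ac1 02013d 020135 020135 020131 020126")

def read_tlv(buf, pos):
    """Read one DER TLV; only definite, minimally encoded lengths are accepted."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:
        n = length & 0x7F
        if n == 0 or pos + n > len(buf) or buf[pos] == 0:
            raise ValueError("indefinite, truncated or zero-padded length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        if length < 0x80:
            raise ValueError("long form used for a short length")
    if pos + length > len(buf):
        raise ValueError("value runs past end of input")
    return tag, buf[pos:pos + length], pos + length

def children(der):
    """Split the single outer SEQUENCE into (tag, value) pairs; no trailing bytes."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        t, v, pos = read_tlv(body, pos)
        out.append((t, v))
    return out

def check_rsa_private(der):
    """Strict PKCS#1 check: nine minimal non-negative INTEGERs with consistent values."""
    kids = children(der)
    if [t for t, _ in kids] != [0x02] * 9:
        raise ValueError("expected nine INTEGERs")
    for _, v in kids:
        if not v or v[0] & 0x80 or (len(v) > 1 and v[0] == 0 and not v[1] & 0x80):
            raise ValueError("negative or non-minimal INTEGER")
    ver, n, e, d, p, q, dp, dq, qinv = (int.from_bytes(v, "big") for _, v in kids)
    if ver != 0 or min(p, q) < 2 or n != p * q:
        raise ValueError("bad version, primes or modulus")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    if ((e * d) % lam != 1 or (e * dp) % (p - 1) != 1
            or (e * dq) % (q - 1) != 1 or (qinv * q) % p != 1):
        raise ValueError("exponents or CRT coefficient inconsistent")
    return n, e   # note: primality of p and q is not tested
```

A key that arrives as bare base64 text would be base64-decoded to DER bytes before being passed to `check_rsa_private`.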
