
Key format conversion library from PuTTY to OpenSSH

Posted by kohsuke on May 18, 2008 at 8:36 PM PDT

I wrote a small Java library that converts an SSH key file in the PuTTY format into the OpenSSH format, which is much more widely used. The original motivation for this was that I saw some Hudson users who seemed to be using the PuTTY key file whereas Hudson (or more precisely the trilead ssh library that Hudson uses) only handles the OpenSSH format.

The key conversion requires several cryptographic operations (as well as base64 encoding/decoding), but unfortunately these algorithms are not available out of the box from the JDK, and even worse, the Java cryptographic API has no source in src.zip and is obfuscated, so IDEs cannot display any helpful usage tooltip, and stack traces make no sense at all. If I understand it correctly, this is due to U.S. government regulation, but I never understood why anyone could honestly believe in the effectiveness of this regulation.

Anyway, this tool relies on the trilead ssh library for those cryptographic operations. But if you need to use this with other libraries, you should be able to port it fairly easily.

I also didn't know that both formats use ASN.1. I have a bit of experience with ASN.1 as the FastInfoset project relies on it, and it appears that ASN.1 is more commonly used than I thought.
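The base64 decoding and one of the cryptographic operations involved in reading a PuTTY key, as an added Python example (not code from the library described in this post): it parses an unencrypted PuTTY version 2 key file and verifies its `Private-MAC` before the key material would be converted. The function names are hypothetical and the sample file is constructed in code from placeholder bytes, not a real key.

```python
import base64, hashlib, hmac, struct

def ssh_string(data):
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ppk_mac(algo, enc, comment, pub, priv):
    """Private-MAC of a PuTTY v2 file: HMAC-SHA1 over header fields and both blobs."""
    # MAC key for an unencrypted key: SHA-1 of this fixed string (empty passphrase).
    key = hashlib.sha1(b"putty-private-key-file-mac-key").digest()
    fields = (algo.encode(), enc.encode(), comment.encode(), pub, priv)
    data = b"".join(ssh_string(f) for f in fields)
    return hmac.new(key, data, hashlib.sha1).hexdigest()

def parse_ppk(text):
    """Split a PuTTY v2 key file into header values and base64-decoded blobs."""
    lines = text.strip().splitlines()
    out, i = {}, 0
    while i < len(lines):
        name, _, value = lines[i].partition(": ")
        i += 1
        if name.endswith("-Lines"):          # "Public-Lines: N" / "Private-Lines: N"
            n = int(value)
            out[name[:-len("-Lines")]] = base64.b64decode("".join(lines[i:i + n]))
            i += n
        else:
            out[name] = value
    if "PuTTY-User-Key-File-2" not in out:
        raise ValueError("not a PuTTY version 2 key file")
    return out

def verify_ppk(text):
    """Return True only if the stored Private-MAC matches the file contents."""
    k = parse_ppk(text)
    if k["Encryption"] != "none":
        raise ValueError("encrypted keys are out of scope for this example")
    expected = ppk_mac(k["PuTTY-User-Key-File-2"], k["Encryption"],
                       k["Comment"], k["Public"], k["Private"])
    return hmac.compare_digest(expected, k["Private-MAC"].lower())

def build_sample(pub, priv, comment="constructed-sample"):
    """Build a constructed, unencrypted v2 file around placeholder blobs."""
    def rows(name, blob):
        b64 = base64.b64encode(blob).decode()
        chunks = [b64[j:j + 64] for j in range(0, len(b64), 64)]
        return [f"{name}-Lines: {len(chunks)}"] + chunks
    head = ["PuTTY-User-Key-File-2: ssh-rsa", "Encryption: none", f"Comment: {comment}"]
    mac = ppk_mac("ssh-rsa", "none", comment, pub, priv)
    return "\n".join(head + rows("Public", pub) + rows("Private", priv) + [f"Private-MAC: {mac}"])
```

Because the MAC covers the comment and the public blob as well as the private blob, a converter that checks it first rejects a file whose header or key material was altered after it was saved.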


Comments

Hello sir, I'm working on a WSDL DOC tool. I'm a beginner. It's my first project. So please tell me what basic knowledge should the developer have to develop this? And how to proceed? My email id: rastogi_samarth85@gmail.com

That's handy. I always wished that tools like IDEA, TeamCity etc. which support SSH keys (e.g. used in conjunction with svn+ssh repo access) would be friendly enough to tell users that the key they are using is in the 'wrong' format. I've seen plenty of people (and was one myself the first time around) waste lots of time wondering why their key wasn't working (because they were using the default PuTTY generated format) when they knew they were using the correct password.

selznak -- yeah, but the point is to make it easy for users. Which tool would you rather use? The one that rejects your key and asks you to run a separate tool, or the one that accepts your key and just works?

This seems like overkill. PuTTY can do a conversion for you. Check out this post: http://www.whoiskevin.com/2007/05/using-putty-private-keys-on-mac-os-x.html