[Cryptography-dev] New OpenSSH key format

[Ron Frederick]

You might want to see if AsyncSSH (https://asyncssh.readthedocs.io <https://asyncssh.readthedocs.io/>) can do what you’re looking for. While its main purpose is to provide an asyncio-compatible SSH client and server, it also had a very complete set of key management functions for reading and writing private/public keys and certificates, reading and writing them in a wide variety of formats and providing functions such as signing and verification with them. You don’t even need to be using asyncio to take advantage of these functions.

On Mar 2, 2020, at 10:30 PM, Alex Gaynor <alex.gaynor at gmail.com> wrote:
> No, cryptography does not support OpenSSH format private keys. This is not currently planned.
> 
> Alex
> 
> On Tue, Mar 3, 2020 at 1:28 AM Lalit Kumar <lalit.hilmarsh at gmail.com <mailto:lalit.hilmarsh at gmail.com>> wrote:
> Can we retrieve the public key from private key in the new OpenSSH format like below:
> 
> -----BEGIN OPENSSH PRIVATE KEY-----
> b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
> NhAAAAAwEAAQAAAQEA2MTxUgEE1y0Mx+nA0SBDRhK2DnNQU4ACS1g8qWwanIJ81q4u1n/8
> XUdagRSctNyzsMVsGKrPez/T+11rTlc+AKfqrJacz0SxpPi/PAszLQ6ARYESbpAGXlwwjb
> a0iYXR512mIArg/xNVWZtGHVvGDQEATIWIxOoI4hmGcE9bqHW/me8PvA/cggDKxICa0CLx
> i+7drR2exNwhYVlw//RTw1raZorVtD1rNyh4YXeX9JfX1E9RXRDaP1zonVwjH3E64hyw4y
> ARRSSnvaaQPNEmkrZMv37NQNbN/XIj9pdbXq/rBJ0yOIFQrGSYIr+yMThiloD5n/LZeAFr
> 1rCZsChawQAAA8h+4JwsfuCcLAAAAAdzc2gtcnNhAAABAQDYxPFSAQTXLQzH6cDRIENGEr
> YOc1BTgAJLWDypbBqcgnzWri7Wf/xdR1qBFJy03LOwxWwYqs97P9P7XWtOVz4Ap+qslpzP
> RLGk+L88CzMtDoBFgRJukAZeXDCNtrSJhdHnXaYgCuD/E1VZm0YdW8YNAQBMhYjE6gjiGY
> ZwT1uodb+Z7w+8D9yCAMrEgJrQIvGL7t2tHZ7E3CFhWXD/9FPDWtpmitW0PWs3KHhhd5f0
> l9fUT1FdENo/XOidXCMfcTriHLDjIBFFJKe9ppA80SaStky/fs1A1s39ciP2l1ter+sEnT
> I4gVCsZJgiv7IxOGKWgPmf8tl4AWvWsJmwKFrBAAAAAwEAAQAAAQAi3Kmi8p8ArDIeBK4J
> 9BJdtqyo7krA4xl7XJmE9enhueqx7BmETdkcd1lK4THCtKwBhf64iOANhlplVsTnOIi0Ok
> 03rJFTlEytp4O5+GMmn+ppQzTfqzIbAuCcKgInC+qSNzF8fcNpwoY7fwlrt1LGzJ5rsB4q
> 7Si4lDpW3ax0Dw/n514DgqVXJi3KcMy37FeNgzDREK1P8lZjUGcIySQNn5/pd1zZiAZ4mX
> HwyE4q1XsqBU8WfOYObH4J7BEjrHKrCjW+K+XrOVxdIfwLg7KA6VWBld77AZSt7Dy1xAm4
> fbpJp3YtmAeNnnuuNjr1HyyzF5hTcMiQ4ibseliTeSZxAAAAgAw+0F/ZmyYWrv2mDTzeO1
> yhOwq/sEFyY7OeG1I1dsk8d36vWO3vVYmb9mk7b4Ud/M4C4wSuL2d64HB6wIg3nxo3M0I3
> e0BlL/S3zzEM9H8rBd1WJpK3nQYrv+H1vLXMq96/Ph3ZY1TmOaxcdk8zKyLSQQ7quxi3ZR
> 0ZUAX70Sc/AAAAgQD8uch+1NBy4u65KOsqtx6tf3oXaKCfPl026oaosb3WnaNqNLJzlB95
> mQaBUqIU4zkL2Z1O2ICQO7Zvv9FEoS5SPo79WO0S2CgnIsSPuvfVsggwH6wQd0K8IpvdDL
> Cyi7/eGT+tRoN+iCcSFgDNVyA0I8NvLfAQRpzcANa8KUC0+wAAAIEA25PnE/2sl7nMrZ8d
> khV+TbgPYvhhcibO0REiALkT4bs+cdHgAI+5rl9GuYFrvLNuY9e1Yh87jtDG6QTviwtjG1
> 2U3ycQBC3amxFBkpcI30pKRrfV1SbVEr3EC5ns48iOPxDS+3J44wGaqZdWbOICX/EIdd9I
> J0tdLs/k0W+LynMAAAAPbGFsaXQua3VtYXJATWFjAQIDBA==
> -----END OPENSSH PRIVATE KEY-----
> 
> This is an RSA key in the new format. Does cryptography 2.8 support this? If not is it planned for next release?
> 
> -- 
> Regards,
> Lalit

-- 
Ron Frederick
ronf at timeheart.net



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/cryptography-dev/attachments/20200302/b51639db/attachment-0001.html>