
Using OpenSSH_8.9p1 Ubuntu-3ubuntu0.7 on WSL, ssh-keygen refuses a key it previously generated, outputting the error:

do_convert_from_ssh2: parse key: invalid format

Reproduction

$ cd /tmp/some_directory
$ ssh-keygen -f id_rsa -m RFC4716 -N ''
[... nominal output ...]

$ ssh-keygen -i -f id_rsa -m RFC4716
do_convert_from_ssh2: parse key: invalid format

$ ssh-keygen -i -f id_rsa
do_convert_from_ssh2: parse key: invalid format

As this is a test/trashed private key, I can share it with you:


(note: lines are correctly separated by single 0x0a bytes, and the file correctly ends with a final 0x0a)

My end goal is to convert this key for use with openssl pkeyutl -decrypt -inkey ${converted_key_file}. What am I doing wrong?


1 Answer


Contrary to what its documentation says, OpenSSH's ssh-keygen can only import "RFC4716" (SSH.COM) private keys but not write them, so the key it did write is in the OpenSSH format – not in the RFC4716 format that you're now asking it to read.

    Header                                       Format
    -----BEGIN OPENSSH PRIVATE KEY-----          OpenSSH
    ---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----   "RFC4716" (SSH.COM/Tectia/SecureCRT)
    -----BEGIN PRIVATE KEY-----                  PKCS#8 (standard for TLS certs)
    -----BEGIN RSA PRIVATE KEY-----              "PEM" (PKCS#1), old TLS & old OpenSSH

(As a side note, RFC 4716 only specifies the format for a public key, not for a private key. Although a corresponding private key format exists, it was not published as an IETF standard, which might be one of the reasons OpenSSH does not write such keys.)

Most importantly, though, this format will be useless as far as your goal to use it with OpenSSL tools. This is not the "PEM" key format that OpenSSL works with – RFC4716 is basically the "Tectia SSH / VanDyke SecureCRT / MultiNet SSH" key type, and despite looking roughly similar on the outside, it's a completely different format internally.

PuTTY does support writing private keys in the "RFC4716" format (and more accurately calls it the "ssh.com" format), so if you needed to use your keypair with SecureCRT or Tectia SSH, you could use puttygen -O private-sshcom.

But since you want to use the key with OpenSSL, you should be converting it to PKCS8 or PEM formats instead. (Both are natively supported by OpenSSL – PKCS8 is the more modern one that OpenSSL 1.1/3.x generates, while PEM is the "legacy" format that OpenSSL ≤1.0 used to generate; it also happens to be the format that ssh-keygen used to generate.)

  • Generate new key in PKCS#8 format:

    ssh-keygen -f id_rsa -t rsa -m PKCS8
    
  • Convert an existing key to PKCS#8 format:

    ssh-keygen -f id_rsa -p -m PKCS8
    

Alternatively, you would get exactly the same result if you generated the key using OpenSSL (since, after all, you have the openssl tool available):

  • Newer syntax:

    openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out id_rsa
    openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out id_ecdsa
    
  • Older syntax:

    openssl genrsa -out id_rsa 2048
    

    (Will output a PKCS#8 key by default; use -traditional to output a PEM key.)

If you already have an "RFC4716" SSH.COM private key, you can convert it to an OpenSSL compatible format using:

  • OpenSSH using the -i option:

    umask 077; ssh-keygen -i -f id_rsa.priv > id_rsa.pem
    

    (Always produces PEM – they forgot to add options for new formats – but you can pipe it through openssl pkey to get PKCS#8.)

  • PuTTYgen (which calls PEM the "OpenSSH format" as it used to be the only format OpenSSH had – not to be confused with "OpenSSH format (new)" which is the actual OpenSSH format):

    puttygen id_rsa.priv -O private-openssh -o id_rsa.pem
    
  • Thank you for this excellent answer! I'd need one last bit to consider the answer complete: I already have a private key in the ssh.com format (one I intend to use). How can I convert it to either PKCS8 or PEM format? And do you have any clue why ssh-keygen -i -f id_rsa fails?
    – YSC
    Commented May 28 at 12:20
  • From what you've shown in your post, it fails because you're asking ssh-keygen to import from ssh.com format while the file is not in fact in that format (it's in the OpenSSH format). If it really were in ssh.com format, -i would have worked even without needing to specify -m. (It always outputs PEM for some reason.) Commented May 28 at 12:27
  • Yes but my keys are in the OpenSSH format (which is the default for the version of ssh-keygen I have). Found that (stackoverflow.com/a/69207820/5470596) I can convert them to PEM or other format with the -p flag. Quite a surprise, but it works. Thanks again.
    – YSC
    Commented May 28 at 12:43
  • 1
    But...you just said they in the ssh.com format, less than an hour ago. Commented May 28 at 13:13
  • 1
    Nit: OpenSSL 1.0 and 1.1 (both) write PKCS8 for genpkey; pkey; req -newkey; pkcs12 (import) and (almost uselessly) pkcs8 (from) but traditional for genrsa; rsa; gendsa; dsa; ecparam -genkey; ec. 3.x writes PKCS8 by default for genrsa; rsa and always for gendsa but not dsa; ecparam -genkey; ec. Only in 0.9.x did most commandline use traditional and even there you could explicitly do PKCS8. Otherwise stellar. Commented May 29 at 4:54
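As an added example (my own, not from the question or the answer): a POSIX sh helper that reads the header line from the answer's table to decide which conversion applies, so an OpenSSH-format key goes through -p -m PKCS8 rather than -i, and an ssh.com key goes through -i piped into openssl pkey. The function names and the header-only stub files are this example's own assumptions; the conversions use only the ssh-keygen and openssl invocations given in the answer.

```shell
#!/bin/sh
# Added example: classify a private key by its header line (the table in the
# answer) and apply the matching conversion to PKCS#8 for use with openssl.
# Function and stub file names are this example's own, not OpenSSH's or OpenSSL's.

key_format() {
    # Print the format name for key file $1, judged by its first line only.
    # tr strips a stray CR so a CRLF-terminated file is still recognised.
    case "$(head -n 1 "$1" | tr -d '\r')" in
        '-----BEGIN OPENSSH PRIVATE KEY-----')        echo openssh ;;
        '---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----') echo sshcom ;;
        '-----BEGIN PRIVATE KEY-----')                echo pkcs8 ;;
        '-----BEGIN RSA PRIVATE KEY-----')            echo pem ;;
        *)                                            echo unknown ;;
    esac
}

convert_to_pkcs8() {
    # Convert key file $1 to an unencrypted PKCS#8 key at $2.
    # Assumes the source key has no passphrase (as the key in the question).
    src=$1; dst=$2
    umask 077   # the output is a private key: owner-readable only
    case "$(key_format "$src")" in
        openssh)
            # -p rewrites the key file in place, so convert a copy, never the original.
            cp "$src" "$dst" && ssh-keygen -p -P '' -N '' -m PKCS8 -f "$dst" >/dev/null ;;
        sshcom)
            # -i is the import path for ssh.com keys and always emits PEM (PKCS#1);
            # openssl pkey re-encodes that output as PKCS#8.
            ssh-keygen -i -f "$src" | openssl pkey -out "$dst" ;;
        pem)
            openssl pkey -in "$src" -out "$dst" ;;
        pkcs8)
            cp "$src" "$dst" ;;
        *)
            echo "$src: unrecognised private key header" >&2; return 1 ;;
    esac
}

make_samples() {
    # Constructed header-only stubs (no real key material) in directory $1,
    # one per row of the answer's table plus a junk file, for exercising key_format.
    printf '%s\nstub\n' '-----BEGIN OPENSSH PRIVATE KEY-----'        > "$1/openssh.key"
    printf '%s\nstub\n' '---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----' > "$1/sshcom.key"
    printf '%s\nstub\n' '-----BEGIN PRIVATE KEY-----'                > "$1/pkcs8.key"
    printf '%s\r\nstub\r\n' '-----BEGIN RSA PRIVATE KEY-----'        > "$1/pem.key"
    printf 'ssh-rsa AAAA stub\n'                                     > "$1/junk.key"
}

if [ $# -ge 2 ]; then convert_to_pkcs8 "$1" "$2"; fi
```

Run it as `sh convert.sh id_rsa id_rsa.p8`; the resulting file is what `openssl pkeyutl -decrypt -inkey id_rsa.p8` expects.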
