Last modified: 2014-03-06 08:47:50 UTC
On OAuth consumer registration page public keys generated with OpenSSH are not accepted.

Details:

1. key generated with
   ~$ ssh-keygen -t rsa (2048 bit, RSA v2)

2. converted public key to PEM
   ~$ ssh-keygen -f .ssh/id_rsa.pub -e -m PEM

3. resulting key is not accepted

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0eAtAFJUMxcJHmzJc2piWfFP2teIu99yqM0zZNl60H65M+bQ7ZnF
p2AqIFlmPTKUQYYq22YzEkTEL37WC3L6ISUfkJ5iFOD7tkCtjX2cUiIKTY2VnJry
9JX7IcxfM/CcOB4xdSwzhsi82ERlQSd8B1RreSbRHuCn6Y6gXkO5kYfx3CoX8PRx
h4vj7uDHBLnsPDhYmhWZvxhZNBJwCieFnOwpVcAH+lSZq+LWeb0gcOjZnmbCZCm3
RyMVLSob6DjFdPuVzSEyeyZL57NjyxcCDcpFU2dSLAUxw87x3Jid7rxbmUqC2OK9
YAoN37ZvoDC3/S5ixkdqGsUJpUh4oQYpNwIDAQAB
-----END RSA PUBLIC KEY-----

Regards
Hedonil
The key is used by the openssl_get_publickey function. I'll see if I can find a way to turn an ssh key into one that openssl accepts.

In the meantime, you can generate a key with:

$ openssl genrsa -out appkey.pem 4096
$ openssl rsa -in appkey.pem -pubout > appkey.pub
I just had a look at this, and apparently what ssh-keygen calls "pem" is not what openssl thinks of as pem. If you use "ssh-keygen -f .ssh/id_rsa.pub -e -m pkcs8" instead, that seems to work when I try it locally. Still, why not just use openssl genrsa to generate the key?
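The mismatch described in the comment above, as an added example that is not part of the original thread or of the OAuth extension's code: `ssh-keygen -e -m PEM` writes a bare PKCS#1 RSAPublicKey (`BEGIN RSA PUBLIC KEY`), while `openssl rsa -pubout` writes a SubjectPublicKeyInfo (`BEGIN PUBLIC KEY`) that wraps the same bytes in an algorithm identifier. The helper names are hypothetical; the sample input is the key from the report.

```python
import base64
import re

# Sample input: the key from the report above, as written by `ssh-keygen -e -m PEM`.
REPORTED_KEY = """-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA0eAtAFJUMxcJHmzJc2piWfFP2teIu99yqM0zZNl60H65M+bQ7ZnF
p2AqIFlmPTKUQYYq22YzEkTEL37WC3L6ISUfkJ5iFOD7tkCtjX2cUiIKTY2VnJry
9JX7IcxfM/CcOB4xdSwzhsi82ERlQSd8B1RreSbRHuCn6Y6gXkO5kYfx3CoX8PRx
h4vj7uDHBLnsPDhYmhWZvxhZNBJwCieFnOwpVcAH+lSZq+LWeb0gcOjZnmbCZCm3
RyMVLSob6DjFdPuVzSEyeyZL57NjyxcCDcpFU2dSLAUxw87x3Jid7rxbmUqC2OK9
YAoN37ZvoDC3/S5ixkdqGsUJpUh4oQYpNwIDAQAB
-----END RSA PUBLIC KEY-----"""

# DER AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1, NULL parameters).
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def der_len(n):
    """Encode a DER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def pem_label(pem):
    """Return the label from the PEM header, e.g. 'RSA PUBLIC KEY', or None."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", pem)
    return m.group(1) if m else None

def pem_body(pem):
    """Decode the base64 payload between the BEGIN and END lines."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def pkcs1_to_spki(pem):
    """Wrap a PKCS#1 RSAPublicKey in a SubjectPublicKeyInfo ('BEGIN PUBLIC KEY')."""
    if pem_label(pem) != "RSA PUBLIC KEY":
        raise ValueError("expected a PKCS#1 'RSA PUBLIC KEY' block")
    pkcs1 = pem_body(pem)
    bit_string = b"\x03" + der_len(len(pkcs1) + 1) + b"\x00" + pkcs1  # 0 unused bits
    inner = RSA_ALG_ID + bit_string
    spki = b"\x30" + der_len(len(inner)) + inner
    b64 = base64.b64encode(spki).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN PUBLIC KEY-----\n" + "\n".join(rows) + "\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    print(pkcs1_to_spki(REPORTED_KEY))
```

The modulus and exponent are unchanged by the wrapping, so the converted key still pairs with the same private key.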
Working with plain openssl does the trick, as suggested here and earlier in IRC. I just mentioned it because there was no clear hint in the submission form what was wrong with my SSL v2 key and we've experienced multiple incompatibilities with rsa keys before.

Just to mention:

- Many Windows users use PuTTYGen rsa keys, but they are not compatible with some applications like MySQL Workbench

- recommended way to create new keys for tool labs is OpenSSL ssh-keygen

- now we have OAuth with OpenSSH

It would just be more convenient (at least for me) if there would be fewer keys to manage ;)

Thx for the suggestions. I will try the -m pkcs8, too.

Hedonil
(In reply to comment #3)
> Working with plain openssl does the trick, as suggested here and earlier in
> IRC. I just mentioned it because there was no clear hint in the submission
> form what was wrong with my SSL v2 key and we've experienced multiple
> incompatibilities with rsa keys before
>
> Just to mention:
>
> - Many windows users use PuTTYGen rsa keys, but they are not compatible with
> some applications like MySQL Workbench
>
> - recommended way to create new keys for tool labs is OpenSSL ssh-keygen
>
> - now we have OAuth with OpenSSH
>
> It would just be more convenient (at least for me) if there would be less
> keys to manage ;)
>
> Thx for the suggestions. I will try the -m pkcs8, too.
>
> Hedonil

typo OpenSSH <-> OpenSSL ; but you know what is meant.
Yeah, this caused an enormous headache for me when I was registering because I couldn't for the life of me figure out what format it wanted (especially with the errors that kept coming). In the end Chris pointed me to his developer tutorial on https://www.mediawiki.org/wiki/OAuth/For_Developers which has an example using openssh which, while easy, is not what I think most people would gravitate to given the keys we use elsewhere.

On a mostly unrelated note, we should probably find a good place to link to https://www.mediawiki.org/wiki/OAuth/For_Developers ... right now the only thing that does is some training notes in Chris' userspace...