Hello, GNU lsh hackers!
I would like to try out lsh, but I'm currently stuck with a problem: in the real world I authenticate to most of my remote hosts via a public key. Is there any chance to convert my current OpenSSH key to a format usable by lsh? I know there is no automatic tool for doing that, but I would do it manually if there is a known method of doing it.
If not, is there a way to convert a key pair in the opposite direction -- from lsh to OpenSSH format? If there is, I can simply generate a new key pair with lsh and use it both with lsh and OpenSSH.
Kaloian Doganov <kaloian@doganov.org> writes:
> Is there any chance to convert my current OpenSSH key to a format usable by lsh?
There are unfortunately no tools for converting private keys, and since you generally don't move private keys around, the format for private keys is usually thought of as out of the scope for the ssh standard.
> I know there is no automatic tool for doing that, but I would do it manually if there is a known method of doing it.
If you can get openssh to output the private key in human readable form (unencrypted, and with the various bignums written in hex, say), you can probably assemble a key in sexp-form that is usable with lsh, using the human-friendly "advanced" flavor of sexp-syntax. Some things to keep in mind:
1. bignums in sexp are signed, which means that you need to add a zero octet in front of any number whose most significant bit of the most significant byte is one.
2. openssh and lsh might use different conventions for the additional information for RSA private keys (the bare minimum is just n and the secret exponent d, but for the crt optimization, you also keep the factors p, q and a few other precomputed numbers). lsh's conventions come from the spki spec, openssh's probably come from pkcs#1. I expect these to be compatible, but I don't remember for sure.
Then pass the result to
  sexp-conv -s canonical | lsh-writekey
to split it into public and private halves, and reencrypt the private key.
Or you could try hacking the lsh-decode-key program to recognize (unencrypted) openssh private keys.
> If not, is there a way to convert a key pair in the opposite direction -- from lsh to OpenSSH format? If there is, I can simply generate a new key pair with lsh and use it both with lsh and OpenSSH.
In this case, you need only convert the public half of the key. That's a supported mode of operation. Generate a new key in the usual way (lsh-keygen | lsh-writekey), then use
  lsh-export-key < .lsh/identity.pub
to convert it to ietf standard format, or
  lsh-export-key --openssh < .lsh/identity.pub
for openssh's one-line format.
Regards, /Niels
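
The signed-bignum rule from point 1 of the reply above, as an added example that is not part of the original thread or of lsh: it turns hex dumps of unsigned integers into advanced-syntax sexp hex atoms, adding the zero octet only where the top bit is set. The colon-separated input style, the `private-key` and `rsa-pkcs1` tags and the field names are assumptions to check against a key written by lsh-keygen; the values are constructed and are not a real key.

```python
import re


def sexp_bignum(hex_text):
    """Return a signed sexp hex atom (#...#) for an unsigned hex integer."""
    # Accept dumps such as "00:c3:5a" or "c3 5a" (assumed input style).
    digits = re.sub(r"[\s:]", "", hex_text).lower()
    if not digits or re.search(r"[^0-9a-f]", digits):
        raise ValueError("not a hex number: %r" % hex_text)
    value = int(digits, 16)
    # Minimal big-endian magnitude: drops redundant leading zero octets
    # and pads an odd number of hex digits to whole octets.
    raw = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    # sexp bignums are signed: a set top bit would read as negative,
    # so a positive number needs one zero octet in front.
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return "#" + raw.hex() + "#"


def sexp_key(tag, algorithm, fields):
    """Build '(tag (algorithm (name #hex#) ...))' from (name, hex) pairs."""
    parts = " ".join("(%s %s)" % (name, sexp_bignum(h)) for name, h in fields)
    return "(%s (%s %s))" % (tag, algorithm, parts)


# Constructed sample values, far too short to be a real key.
SAMPLE_FIELDS = [
    ("n", "c3:5a:91"),     # top bit set: gets a zero octet prepended
    ("d", "00:4b:1e:07"),  # redundant leading zero: stripped
]

if __name__ == "__main__":
    # Tag and algorithm names are assumptions, not taken from the thread.
    print(sexp_key("private-key", "rsa-pkcs1", SAMPLE_FIELDS))
```
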