Public key format

[hongbo-miao]

ssh-keygen

Based on the doc, when I generate the key pair by

ssh-keygen -t rsa -b 4096 -m pem

My private key looks like

-----BEGIN RSA PRIVATE KEY-----
xxxxx
-----END RSA PRIVATE KEY-----

My public key looks like

ssh-rsa xxx== some@xx

My opal-server can be secured correctly.

The doc also mentions this.

For public keys, it should be something like this:

export OPAL_AUTH_PUBLIC_KEY=ssh-rsa XXX ... XXX== some@one.com

Above method is using PKCS#1.

openssl

Now, I try to generate a key pair by openssl. Here is some info regarding openssl.

# generate a private key
openssl genrsa -out=private-key.pem 4096

# generate corresponding public key
openssl rsa -in=private-key.pem -outform=PEM -pubout -out=public-key.pem

This time my private key looks like

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0C3B5D00E8DAF3B5

xxx
-----END RSA PRIVATE KEY-----

My public key looks like

-----BEGIN PUBLIC KEY-----
xxx
-----END PUBLIC KEY-----

However, somehow opal-server does not support this way. Because when I try to get a opal-client JWT token, it returns

opal server was not configured with security, cannot generate tokens!

Does opal-server only supports this following format for public key?

ssh-rsa xxx== some@xx

Another question, besides PKCS#1, does opal-server support PKCS#8 which can be generated by this way.

Thanks!

[asafc]

You need OPAL_AUTH_PUBLIC_KEY_FORMAT and OPAL_AUTH_PRIVATE_KEY_FORMAT defined here (public) and here (private).

They are both of this enum type: EncryptionKeyFormat.

We might be able to easily add more types to this enum, depending if they are supported by the python cryptography library, which we use in our casting method.