Simple tool for converting SSH keys
If SSH keys are created without Bouncy Castle, the keys are stored in a non-standard format. These can be read back in and converted back to standard OpenSSH format through the use of this tool. This may be used by anyone trying to support new key types after installing Bouncy Castle. Change-Id: I52c00fcd44a55c855b5e3a6ebac1283f860e08b8
This commit is contained in:
parent
6add9edc1e
commit
bd3b9958a6
89
contrib/convertkey/pom.xml
Normal file
89
contrib/convertkey/pom.xml
Normal file
@ -0,0 +1,89 @@
|
|||||||
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
|
||||||
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
|
<groupId>com.googlesource.gerrit</groupId>
|
||||||
|
<artifactId>convertkey</artifactId>
|
||||||
|
<version>0.0.1-SNAPSHOT</version>
|
||||||
|
<packaging>jar</packaging>
|
||||||
|
|
||||||
|
<name>convertkey</name>
|
||||||
|
<url>http://maven.apache.org</url>
|
||||||
|
|
||||||
|
<build>
|
||||||
|
<plugins>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-dependency-plugin</artifactId>
|
||||||
|
<version>2.8</version>
|
||||||
|
<executions>
|
||||||
|
<execution>
|
||||||
|
<id>copy-dependencies</id>
|
||||||
|
<phase>prepare-package</phase>
|
||||||
|
<goals>
|
||||||
|
<goal>copy-dependencies</goal>
|
||||||
|
</goals>
|
||||||
|
<configuration>
|
||||||
|
<outputDirectory>${project.build.directory}/lib</outputDirectory>
|
||||||
|
<overWriteReleases>false</overWriteReleases>
|
||||||
|
<overWriteSnapshots>false</overWriteSnapshots>
|
||||||
|
<overWriteIfNewer>true</overWriteIfNewer>
|
||||||
|
</configuration>
|
||||||
|
</execution>
|
||||||
|
</executions>
|
||||||
|
</plugin>
|
||||||
|
<plugin>
|
||||||
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
|
<artifactId>maven-jar-plugin</artifactId>
|
||||||
|
<version>2.4</version>
|
||||||
|
<configuration>
|
||||||
|
<archive>
|
||||||
|
<manifest>
|
||||||
|
<addClasspath>true</addClasspath>
|
||||||
|
<classpathPrefix>lib/</classpathPrefix>
|
||||||
|
<mainClass>com.googlesource.gerrit.convertkey.ConvertKey</mainClass>
|
||||||
|
</manifest>
|
||||||
|
</archive>
|
||||||
|
</configuration>
|
||||||
|
</plugin>
|
||||||
|
</plugins>
|
||||||
|
</build>
|
||||||
|
|
||||||
|
<properties>
|
||||||
|
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
|
||||||
|
</properties>
|
||||||
|
|
||||||
|
<dependencies>
|
||||||
|
<dependency>
|
||||||
|
<groupId>junit</groupId>
|
||||||
|
<artifactId>junit</artifactId>
|
||||||
|
<version>3.8.1</version>
|
||||||
|
<scope>test</scope>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.apache.sshd</groupId>
|
||||||
|
<artifactId>sshd-core</artifactId>
|
||||||
|
<version>0.14.0</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle</groupId>
|
||||||
|
<artifactId>bcprov-jdk15on</artifactId>
|
||||||
|
<version>1.52</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.bouncycastle</groupId>
|
||||||
|
<artifactId>bcpkix-jdk15on</artifactId>
|
||||||
|
<version>1.52</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.jcraft</groupId>
|
||||||
|
<artifactId>jsch</artifactId>
|
||||||
|
<version>0.1.53</version>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>slf4j-nop</artifactId>
|
||||||
|
<version>1.7.12</version>
|
||||||
|
</dependency>
|
||||||
|
</dependencies>
|
||||||
|
</project>
|
@ -0,0 +1,73 @@
|
|||||||
|
// Copyright (C) 2015 The Android Open Source Project
|
||||||
|
//
|
||||||
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
// you may not use this file except in compliance with the License.
|
||||||
|
// You may obtain a copy of the License at
|
||||||
|
//
|
||||||
|
// http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
//
|
||||||
|
// Unless required by applicable law or agreed to in writing, software
|
||||||
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
// See the License for the specific language governing permissions and
|
||||||
|
// limitations under the License.
|
||||||
|
|
||||||
|
package com.googlesource.gerrit.convertkey;
|
||||||
|
|
||||||
|
import com.jcraft.jsch.HostKey;
|
||||||
|
import com.jcraft.jsch.JSchException;
|
||||||
|
|
||||||
|
import org.apache.sshd.common.util.Buffer;
|
||||||
|
import org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider;
|
||||||
|
|
||||||
|
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
|
||||||
|
|
||||||
|
import java.io.File;
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.io.StringWriter;
|
||||||
|
import java.security.KeyPair;
|
||||||
|
import java.security.GeneralSecurityException;
|
||||||
|
|
||||||
|
public class ConvertKey {
|
||||||
|
public static void main(String[] args)
|
||||||
|
throws GeneralSecurityException, JSchException, IOException {
|
||||||
|
SimpleGeneratorHostKeyProvider p;
|
||||||
|
|
||||||
|
if (args.length != 1) {
|
||||||
|
System.err.println("Error: requires path to the SSH host key");
|
||||||
|
return;
|
||||||
|
} else {
|
||||||
|
File file = new File(args[0]);
|
||||||
|
if (!file.exists() || !file.isFile() || !file.canRead()) {
|
||||||
|
System.err.println("Error: ssh key should exist and be readable");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
p = new SimpleGeneratorHostKeyProvider();
|
||||||
|
// Gerrit's SSH "simple" keys are always RSA.
|
||||||
|
p.setPath(args[0]);
|
||||||
|
p.setAlgorithm("RSA");
|
||||||
|
Iterable<KeyPair> keys = p.loadKeys(); // forces the key to generate.
|
||||||
|
for (KeyPair k : keys) {
|
||||||
|
System.out.println("Public Key (" + k.getPublic().getAlgorithm() + "):");
|
||||||
|
// From Gerrit's SshDaemon class; use JSch to get the public
|
||||||
|
// key/type
|
||||||
|
final Buffer buf = new Buffer();
|
||||||
|
buf.putRawPublicKey(k.getPublic());
|
||||||
|
final byte[] keyBin = buf.getCompactData();
|
||||||
|
HostKey pub = new HostKey("localhost", keyBin);
|
||||||
|
System.out.println(pub.getType() + " " + pub.getKey());
|
||||||
|
System.out.println("Private Key:");
|
||||||
|
// Use Bouncy Castle to write the private key back in PEM format
|
||||||
|
// (PKCS#1)
|
||||||
|
// http://stackoverflow.com/questions/25129822/export-rsa-public-key-to-pem-string-using-java
|
||||||
|
StringWriter privout = new StringWriter();
|
||||||
|
JcaPEMWriter privWriter = new JcaPEMWriter(privout);
|
||||||
|
privWriter.writeObject(k.getPrivate());
|
||||||
|
privWriter.close();
|
||||||
|
System.out.println(privout);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user