User-defined DSS and RSA keys

Matt Johnston matt at ucc.asn.au
Thu May 31 16:38:25 WST 2007


On Wed, May 30, 2007 at 01:37:55PM -0700, Chris Verges wrote:
> I'm creating an embedded system that will be using Dropbear as its SSH daemon.  Several other programs that are on the system will also be using SSL keys to encrypt their traffic.  In the interest of reducing the memory footprint, I'd like to generate one key pair and configure all of my daemons to use the same pair.
> 
> When I was looking at the auto-generated DSS and RSA keys that Dropbear produces, they don't follow the same file format as what openssl generates.  Is there some conversion step that needs to take place?

You should be able to convert a key using the "dropbearconvert"
program, e.g. "dropbearconvert openssh dropbear openssl.key dropbear.key"
or similar.

The format used by Dropbear is fairly similar to that
defined by the SSH spec (section 6.6 of RFC 4253), but with
the private parts appended. See below. OpenSSH (and also one
of the modes of OpenSSL) uses PEM format keys. (That's what
I think is happening anyway).

There isn't any support to directly load PEM format keys,
though it probably wouldn't be that hard to include the
keyimport.c routines (which come from PuTTY) into the main
Dropbear binary.  The resulting increase in memory use is
likely to be much more than the size of a private key
though.

Cheers,
Matt


File formats (as per SSH RFC notation):

      string    "ssh-rsa"
      mpint     e
      mpint     n
      mpint     d  (private)
      mpint     p  (private, not required, old keys don't have it)
      mpint     q  (private, not required, old keys don't have it)

      string    "ssh-dss"
      mpint     p
      mpint     q
      mpint     g
      mpint     y
      mpint     x (private part)

      

> 
> Thanks for the help!
> Chris
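
A reader for the two layouts listed in the message above, as an added example that is not part of the original post or of Dropbear's code. It assumes a key file is exactly the listed fields in RFC 4251 string/mpint encoding; all function names and the toy sample keys are constructed for illustration.

```python
import struct

LAYOUT = {  # type -> (mpint names in file order, minimum count; RSA p, q optional)
    b"ssh-rsa": (["e", "n", "d", "p", "q"], 3),
    b"ssh-dss": (["p", "q", "g", "y", "x"], 5),
}

def read_chunk(buf, off):
    """Read one uint32-length-prefixed field (RFC 4251 string/mpint framing)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("field overruns buffer")
    return buf[off + 4:end], end

def parse_key(buf):
    """Return (key type, {name: int}) for a key blob in the layout above."""
    ktype, off = read_chunk(buf, 0)
    if ktype not in LAYOUT:
        raise ValueError("unknown key type")
    names, minimum = LAYOUT[ktype]
    vals = {}
    for name in names:
        if off == len(buf):
            break  # optional trailing fields absent (old RSA keys)
        raw, off = read_chunk(buf, off)
        vals[name] = int.from_bytes(raw, "big", signed=True)
    if len(vals) < minimum or off != len(buf):
        raise ValueError("wrong number of fields")
    return ktype.decode(), vals

def consistent(ktype, v):
    """True when the private fields agree with the public fields."""
    if ktype == "ssh-dss":
        return pow(v["g"], v["x"], v["p"]) == v["y"]
    if "p" in v and "q" in v and v["p"] * v["q"] != v["n"]:
        return False
    return pow(pow(2, v["e"], v["n"]), v["d"], v["n"]) == 2  # encrypt/decrypt 2

def mpint(i):  # encoder, used only to build the constructed samples
    raw = i.to_bytes(i.bit_length() // 8 + 1, "big")
    return struct.pack(">I", len(raw)) + raw

def build(ktype, *ints):
    return struct.pack(">I", len(ktype)) + ktype + b"".join(map(mpint, ints))

# Constructed toy keys (tiny numbers, not real key material)
RSA_SAMPLE = build(b"ssh-rsa", 17, 3233, 2753, 61, 53)
DSS_SAMPLE = build(b"ssh-dss", 23, 11, 4, 18, 3)
```

Because the private values sit in the same file as the public ones, a file in this layout needs the same access restrictions as any other private key file.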

