2

In Ubuntu, i can convert a Pub key from OpenSSH-format to PKCS8 format by command:

ssh-keygen -e -f .ssh/id_rsa.pub -m PKCS8

But in CentOS 6.4, when i execute the same command, it notice:

ssh-keygen: illegal option -- m

I read man-page of ssh-keygen on Centos 6.4 and saw that it does not have option "-m". Then, how can I accomplish the same task on Centos 6.4?

Thank you very much!

Locke
  • 91
  • 4
  • 7

1 Answers1

2

In RHEL systems and derivatives, you can use openssl for this task:

# openssl pkcs8 --help
Usage pkcs8 [options]
where options are
-in file        input file
-inform X       input format (DER or PEM)
-passin arg     input file pass phrase source
-outform X      output format (DER or PEM)
-out file       output file
-passout arg    output file pass phrase source
-topk8          output PKCS8 file
-nooct          use (nonstandard) no octet format
-embed          use (nonstandard) embedded DSA parameters format
-nsdb           use (nonstandard) DSA Netscape DB format
-noiter         use 1 as iteration count
-nocrypt        use or expect unencrypted private key
-v2 alg         use PKCS#5 v2.0 and cipher "alg"
-v1 obj         use PKCS#5 v1.5 and cipher "alg"
-engine e       use engine e, possibly a hardware device.

Moreover, the pkcs8(1) manpage provides several examples.

openssl pkcs8 -topk8 -in private.key.pem -out private.key.pk8.pem -v2 des3

This Q/A in the SEC.SE site provides a very detailed description of this process and the cryptography involved.

Community
  • 1
dawud
  • 15,096
  • 3
  • 42
  • 61
  • 3
    "Normally a PKCS#8 private key is expected on input and a traditional format private key will be written. With the -topk8 option the situation is reversed: it reads a traditional format private key and writes a PKCS#8 format key." <-- I want convert public key, not private key. (PS: i use command you suggest, but it eror: "unable to load key") – Locke Sep 10 '13 at 04:00