Users of our C# application must send their public SSH key to an administrator in order to create a secure SSH connection using the SSH.NET library which is integrated into our software.

Since some users don't have access to the ssh-keygen tool, we are working on a method to create the private and public keys directly from within our software. Is there a recommended way on which key algorithms and formats to use and how to create them?

Currently, we use BouncyCastle to create ECDSA384 key-pairs in OpenSSL PEM format.

  • The private key should be compatible with SSH.NET according to their documentation (https://github.com/sshnet/SSH.NET#public-key-authentication).
  • The public key must be transformed to the OpenSSH format so that it can be added to the authorized_keys file. Unfortunately, it seems that the conversion can't be done using `ssh-keygen -f openssl.pub -i > openssh.pub`, right?

My questions:

  1. Is this the right way to do it?
  2. How to transform the public key from OpenSSL PEM to OpenSSH format?

Thanks for your help!

Thomas853
  • You didn't really show us how you create the key. Moreover if I understand your question correctly, you know how to create the key. Your problem is only how to get the *public* key in the format for `authorized_keys` file, right? This seems to be what you are looking for: https://stackoverflow.com/q/15457710/850848 – Martin Prikryl Jun 18 '23 at 17:29
  • Thanks Martin! The link seems to answer my second question! My first question is meant in a general way, i.e. does it make sense to create the keys on the client using BouncyCastle using ECDSA384 in OpenSSL format? Or is another approach or algorithm or file format recommended? – Thomas853 Jun 18 '23 at 17:38
  • .NET Core supports ECDSA384 natively I think, you don't need BouncyCastle – Charlieface Jun 18 '23 at 19:36
  • Thanks, @Charlieface, we are using .NET Framework 4.7.2. – Thomas853 Jun 18 '23 at 20:25
  • @Thomas853 That's quite a broad question. I do not see what should be wrong about it. I do not think such a question is fit for SO. – Martin Prikryl Jun 19 '23 at 05:04
  • Thanks, @MartinPrikryl! Concerning the second question: I checked your link and it's about converting an RSA PEM to OpenSSH format, while I need it for ECDSA. I couldn't find a good description of the OpenSSH file format and I have no idea how to make the conversion work for ECDSA. Do you have an idea how I could proceed? – Thomas853 Jun 19 '23 at 07:24
  • Sorry, I do not. – Martin Prikryl Jun 19 '23 at 07:51
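
The thread leaves the ECDSA case of the second question open. As an added example (not part of the original thread, and not SSH.NET or BouncyCastle code), the following C# builds the `authorized_keys` line for a P-384 public key from its X and Y coordinates, using the `ecdsa-sha2-nistp384` layout from RFC 5656. The class and method names are hypothetical, and the key is generated with the built-in `ECDsa` class (available on .NET Framework 4.7 and later) only to have something to format; for a BouncyCastle key the coordinates come from the point `ECPublicKeyParameters.Q`.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example; class and method names are hypothetical.
static class OpenSshEcdsaPublicKey
{
    const string KeyType = "ecdsa-sha2-nistp384";
    const string CurveId = "nistp384";
    const int CoordLen = 48; // bytes per coordinate on P-384

    // SSH "string": 4-byte big-endian length, then the raw bytes (RFC 4251).
    static void WriteSshString(Stream s, byte[] data)
    {
        byte[] len = BitConverter.GetBytes(data.Length);
        if (BitConverter.IsLittleEndian) Array.Reverse(len);
        s.Write(len, 0, 4);
        s.Write(data, 0, data.Length);
    }

    public static string Format(byte[] x, byte[] y, string comment)
    {
        if (x.Length > CoordLen || y.Length > CoordLen)
            throw new ArgumentException("coordinate longer than 48 bytes");
        // Uncompressed SEC1 point 0x04 || X || Y; short coordinates are left-padded with zeros.
        var point = new byte[1 + 2 * CoordLen];
        point[0] = 0x04;
        Buffer.BlockCopy(x, 0, point, 1 + CoordLen - x.Length, x.Length);
        Buffer.BlockCopy(y, 0, point, 1 + 2 * CoordLen - y.Length, y.Length);
        using (var ms = new MemoryStream())
        {
            WriteSshString(ms, Encoding.ASCII.GetBytes(KeyType));
            WriteSshString(ms, Encoding.ASCII.GetBytes(CurveId));
            WriteSshString(ms, point);
            return KeyType + " " + Convert.ToBase64String(ms.ToArray()) + " " + comment;
        }
    }

    static void Main()
    {
        // Throwaway key, generated only to exercise the formatter.
        using (var ecdsa = ECDsa.Create(ECCurve.NamedCurves.nistP384))
        {
            ECPoint q = ecdsa.ExportParameters(false).Q;
            Console.WriteLine(Format(q.X, q.Y, "user@example"));
        }
    }
}
```

The printed line can be checked on any machine that has OpenSSH by saving it to a file and running `ssh-keygen -l -f` on it, which should report a 384-bit ECDSA key.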

0 Answers