[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ssh_pki_export_privkey_file ... ISSUE FOUND - only read this reply :)


On Tue, 17 Dec 2019 09:25:18 +0100
Jakub Jelen <jjelen@xxxxxxxxxx> wrote:

> On Mon, 2019-12-16 at 23:39 +0100, Torsten Kuehnel wrote:
> > I'm new to programming using libssh. 
> > 
> > When i take the keygen.c example file in the examples directory, it
> > fails during execution when i change the keytype.
> > 
> > [tdkuehnel@ multiboot examples]$ ./keygen 
> > Failed to write private key file[tdkuehnel@ multiboot examples]$ 
> > 
> > /*    rv = ssh_pki_generate(SSH_KEYTYPE_ED25519, 0, &key);*/
> >     rv = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
> > 
> > Do i miss additional steps in preparing the rsa key to be exported ?
> > 
> > Complete code:
> > 
> > #include <libssh/libssh.h>
> > #include <stdio.h>
> > 
> > int main(void)
> > {
> >     ssh_key key = NULL;
> >     int rv;
> > 
> >     /* Generate a new ED25519 private key file */
> > /*    rv = ssh_pki_generate(SSH_KEYTYPE_ED25519, 0, &key);*/
> >     rv = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
> >     if (rv != SSH_OK) {
> >         fprintf(stderr, "Failed to generate private key");
> > 	return -1;
> >     }
> > 
> >     /* Write it to a file testkey in the current dirrectory */
> >     rv = ssh_pki_export_privkey_file(key, NULL, NULL, NULL,
> > "testkey");
> >     if (rv != SSH_OK) {
> >         fprintf(stderr, "Failed to write private key file");
> > 	return -1;
> >     }
> > 
> >     return 0;
> > }
> 
> This exact code works for me just fine and generates the testkey file
> without any problem (with libssh-0.9.2-1.fc31.x86_64). Are you getting
> the error from the key generation or export function?
> 
> $ gcc -lssh keygen.c -o keygen
> $ ./keygen 
> $ echo $?
> 0
> $ cat testkey 
> -----BEGIN PRIVATE KEY-----
> [...]
> 
> 
> Regards,
> -- 
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
> 

Finally,

the gcrypt implementation of pki_private_key_to_pem function, which is called by ssh_pki_export_privkey_file for every key type not beeing SSH_KEYTYPE_ED25519, is empty, just returns NULL.

So switching to openssl (cmake parameter -DWITH_GCRYPT=0) solved the issue for me. 

cheers !
-- 
Torsten Kuehnel <tdkuehnel@xxxxxxxxxxxxxxxxxxxxx>

References:
ssh_pki_export_privkey_file for SSH_KEYTYPE_RSA key returns SSH_ERRORTorsten Kuehnel <tdkuehnel@xxxxxxxxxxxxxxxxxxxxx>
Re: ssh_pki_export_privkey_file for SSH_KEYTYPE_RSA key returns SSH_ERRORJakub Jelen <jjelen@xxxxxxxxxx>
Archive administrator: postmaster@lists.cynapses.org