问题
I am generating a DSA key with the below command:
ssh-keygen -t dsa
Then I try to sign data using bouncycastle API like that:
KeyFactory keyFactory = KeyFactory.getInstance("DSA");
String privateKeyContent = // the content of the generated file
//init privateKey
byte[] pemContent = null;
PEMParser pemParser = new PEMParser(new StringReader(privateKeyContent));
Object pemObject = pemParser.readObject(); // throws
And getting this exception
java.io.IOException: unrecognised object: OPENSSH PRIVATE KEY
So I have been trying to convert the key file to PEM, using this example, and executing:
ssh-keygen -e -f key -m PEM > key.pem
But I am getting an error:
do_convert_to_pem: unsupported key type DSA
Any ideas on how to solve this?
回答1:
There are a few things going on here.
You are generating keys using a pretty recent version of OpenSSH (which is good). These are now output in OpenSSH's new key format which the BouncyCastle API does not recognise as its a custom format.
You are generating a DSA key. OpenSSH deprecated use of DSA as it's not considered as secure as the other private key types provided like RSA, ECDSA, ED25519 etc. So whilst its letting you generate the key; its not letting you convert it.
I would recommend that you change the key type to an RSA key with 2048 bits (minimum). That will, however, not stop the BouncyCastle API error because it will still be in the new OpenSSH format.
It really depends on what you are doing with the key. If you not using it within an SSH API to authenticate to remote servers and simply want to sign data with BouncyCastle API then you would be better off generating the key using OpenSSL with the command
openssl genrsa -out private.pem 2048
This key should then be recognised by the BouncyCastle API.
来源:https://stackoverflow.com/questions/55581675/how-to-work-with-openssh-private-key-in-java