SSH key to use the non-symmetric encryption RSA algorithm, about the RSA algorithm, the following blog has a detailed description:
Http://www.ruanyifeng.com/blog/2013/06/rsa_algorithm_part_one.html
Here are just a few key points to describe the creation of the secret key:
- Randomly select two large prime numbers p and Q,p is not equal to Q, calculate N=PQ.
- R = (p-1) (Q-1) According to the Euler function
- Select an integer ethat is less than R, and find the e-modulo inverse element of module R, named D. (modulo inverse element exists, when and only if E with R coprime)
- The records of P and Q are destroyed.
Use (e, N) as the public key, (D,n) as the private key.
Here's how to get what we want from a public key or private key if we already have a public key and a private key: N, P,q,e,d.
To facilitate testing, a private key or public key:
/.ssh # ssh-keygen-t RSA
enter file in which to save the key (//.ssh/id_rsa):
enter same passphrase again:
your identification have been saved in//.ssh/id_rsa.
your public key had been saved in//.ssh/id_rsa.pub.
the key fingerprint is:
19:bf:69:0f : 99:27:CC:B4:10:35:3A:6B:1E:EF:EA:CC [email protected]
/.SSH # ls
id_rsa id_rsa.pub known_hosts Nohup.out
Id_rsa is the private key:
/.ssh # cat Id_rsa
-----BEGIN RSA PRIVATE KEY-----
MIICWWIBAAKBGQCRKIEHGYOWFKPFRBQA6/VLRKM4MJWN4HR/SJH7B2Q5F2DYPHJK
HAA8ECVFGF+ZVQD8F78MJCAX2F0RPR3HDBFGJYGZVQEWO9JZFWANL37ZIDALJIBD
8KOHZ13FVCDO9P/M0WMEK+AMXLA7QSXJTMMUIR+NRAJLRIMQZF4TLMFU/QIBIWKB
Gqchwsjte6voow1xokt4ebljjqotqiabt+dws6t4cfbpax6yqa2u2hq8s0t4yxhn
qxlxukzq6osoxk+fq9ead+fgz0hajayi7hfrzvsdt+3uq/g6cn819x+/5bfxe5v/
4OTUTWFESO4JUS6FP0Q/IHTUSS2FUYCVJS0SVZX33KAEPWJBAN1Z1PYYVGU0U2VJ
Sos2kglholqocukudrr7pfscnppnwnpy3nvwz+2wlhtyclnoo0xlymbmew2p4/ho
XQ/+ZICCQQDGA5WFKQXOFCQG4US9FDVEJ639Q+2H2W3VEWPREC5JB5ZAEY0RBNBJ
Weqedgx+lxgvy1a5e8uaavjubhcawxdbakaztbig7ojutyxfs5nofn19aj5waaal
RXEGVZPH1GNLBH8U5ZXER1XVQS8JS+/PBJKPTXY25YQBJMMX/UX220QTAKBMC3TC
1b4zvc/wztyjeorwd2dlzmnajrp3s571cdfbkhkorgbfrscl7dnjkvxexfi9jrul
rvezmkey7s0czfunakeas88igtjldgx31hv3axt3ycwwiika8i5ezfxzmv2l4x6a
ix5mzetyi7lkhsde8b+x67l3l46teed95qlx9be7kg==
-----END RSA PRIVATE KEY-----
Id_rsa.pub is the public key:
/.SSH # Cat Id_rsa.pub
Ssh-rsa aaaab3nzac1yc2eaaaabiwaaaieaq5chh4mjshyqrawamuv75uzjudcvjeiuf0ox+29qux9nwkryzb2gpbhfrybfs1anfh+/ diwgf9hdeaa94xw34i8hs76hmdvswx1gjy9+84g2psym3fcqiwdd31xa6pt/znmjnivgdfy2u6ksy7zjlokfjuwoy0sdegree5th1p0= [Email Protected
The syntax structure of the RSA key is defined in document RFC3447, and the syntax structure of the private key is as follows:
Rsaprivatekey:: = SEQUENCE {version version, modulus integer,--n publicexponent Integer,--e privateexponent integer, --D prime1 Integer,--P prime2 Integer,--Q exponent1 Integer,--D mod (p-1) Exponent2 INTEGER,--D mod (q-1) coeffic Ient INTEGER,--(Inverse of Q) mod p Otherprimeinfos otherprimeinfos OPTIONAL}
Version is the release number of RSA, and the key version number used in this article is 0, or 1 if the key is using a multiple prime (more than 2 primes) version number.
Modulus is the composite modulo n of RSA.
Publicexponent is the public power e of RSA.
Privateexponent is the private power of RSA D.
Prime1 is the prime factor p of N.
Prime2 I is the prime factor Q of N.
Exponent1 equals D mod (p−1).
Exponent2 equals D mod (q−1).
Coefficient is the CRT coefficient q–1 mod p.
Otherprimeinfos contains information about other prime r3,......,ru in order. If version is 0, it should be ignored, and if version is 1, it should contain at least one instance of Otherprimeinfo.
The syntax structure of the RSA public key is as follows, and the factor information required for the visible public key is contained in the private key.
Rsapublickey:: = SEQUENCE {modulus integer,--n publicexponent integer--e}
OpenSSH's RSA key file body uses DER Encoding, and the JDK provides derinputstream to parse DER-encoded strings. So the OpenSSH key parsing is very simple, first read the key, filter out the start and end flag, the file header (if the encrypted key needs to determine the decryption method based on the file header information, because this article uses an unencrypted key to remove the file header), and then use DER InputStream to resolve the key, The code is as follows:
Beginning with Ssh-rsa, describes the form of the end of "RSA-1024", which is Base64 encoded in the middle.
This filters out other parts except Base64, decoding Base64 to get the binary contents of the public key.
Here the binary encoding format is as follows:
First 11 bytes Fixed
0 0 0 7 ' s ' s ' h '-' R ' s ' a '
Immediately following 4 bytes is an int value representing the byte length of the public exponent
The conversion can be achieved by means of a shift character and addition or BigInteger.
After the length is obtained, the length byte is read from the next byte as the value of the public exponent, and the corresponding BigInteger is constructed.
Followed by 4 bytes is also an int value, which represents the byte length of modulus, and the same conversion to get the length.
The modulus value can then be obtained by reading the byte array in length.
Not finished, to be continued ...
SSH primary key and public key parsing