@diorahman
Last active November 23, 2020 19:16
How to convert an ssh-rsa key to an X509 key loadable by Botan

So I need to load the X509 key generated from ssh-keygen.

e.g.

$ ssh-keygen -t rsa -b 2048 -C "bla@bla.com"

PUBLIC

The public key:

$ cat test.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqo7znzVRvrDtfA1VxtUsY2Nvq4IJ8ONgYgBeBmIBwG4zIJbATYHlQWAmUHOV6EaPWG8FBo3LXr/rEm5C3HTgx5lc2hLNf+DqnO1/r1aZf+h5iH0dLEOfhCYcdf+i7879oCMuYRtyTmuXYbB0Ptk9H+EPPmNCDC326sI+n3v3/hxozEVYJiwkxJ3YYxjH5eJC5pks72m+U7mxWfMg/P2y8oUDYPHSnDGezScZ0UKovbooHiZjndSKbO9SXFKrBPM8MiIfNvDXLjbYlxt8LwYhqCXyvm0WvDrBYUIm/yA0AUjubgmOTqgz9o0fN0HHimg9ujZe3IpE0IP5vbXNuo5h7 root@SPSE4BETA

Convert it to pkcs8:

$ ssh-keygen -f test.pub -e -m pkcs8 > test-pkcs8.pub
$ cat test-pkcs8.pub
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqO8581Ub6w7XwNVcbVL
GNjb6uCCfDjYGIAXgZiAcBuMyCWwE2B5UFgJlBzlehGj1hvBQaNy16/6xJuQtx04
MeZXNoSzX/g6pztf69WmX/oeYh9HSxDn4QmHHX/ou/O/aAjLmEbck5rl2GwdD7ZP
R/hDz5jQgwt9urCPp979/4caMxFWCYsJMSd2GMYx+XiQuaZLO9pvlO5sVnzIPz9s
vKFA2Dx0pwxns0nGdFCqL26KB4mY53UimzvUlxSqwTzPDIiHzbw1y422JcbfC8GI
agl8r5tFrw6wWFCJv8gNAFI7m4Jjk6oM/aNHzdBx4poPbo2XtyKRNCD+b21zbqOY
ewIDAQAB
-----END PUBLIC KEY-----

Observe the converted pkcs8 key.

$ openssl rsa -pubin -in test-pkcs8.pub -text -noout
Public-Key: (2048 bit)
Modulus:
    00:aa:a3:bc:e7:cd:54:6f:ac:3b:5f:03:55:71:b5:
    4b:18:d8:db:ea:e0:82:7c:38:d8:18:80:17:81:98:
    80:70:1b:8c:c8:25:b0:13:60:79:50:58:09:94:1c:
    e5:7a:11:a3:d6:1b:c1:41:a3:72:d7:af:fa:c4:9b:
    90:b7:1d:38:31:e6:57:36:84:b3:5f:f8:3a:a7:3b:
    5f:eb:d5:a6:5f:fa:1e:62:1f:47:4b:10:e7:e1:09:
    87:1d:7f:e8:bb:f3:bf:68:08:cb:98:46:dc:93:9a:
    e5:d8:6c:1d:0f:b6:4f:47:f8:43:cf:98:d0:83:0b:
    7d:ba:b0:8f:a7:de:fd:ff:87:1a:33:11:56:09:8b:
    09:31:27:76:18:c6:31:f9:78:90:b9:a6:4b:3b:da:
    6f:94:ee:6c:56:7c:c8:3f:3f:6c:bc:a1:40:d8:3c:
    74:a7:0c:67:b3:49:c6:74:50:aa:2f:6e:8a:07:89:
    98:e7:75:22:9b:3b:d4:97:14:aa:c1:3c:cf:0c:88:
    87:cd:bc:35:cb:8d:b6:25:c6:df:0b:c1:88:6a:09:
    7c:af:9b:45:af:0e:b0:58:50:89:bf:c8:0d:00:52:
    3b:9b:82:63:93:aa:0c:fd:a3:47:cd:d0:71:e2:9a:
    0f:6e:8d:97:b7:22:91:34:20:fe:6f:6d:73:6e:a3:
    98:7b
Exponent: 65537 (0x10001)

Then convert it to X.509 (SubjectPublicKeyInfo) PEM:

$ openssl rsa -pubin -in test-pkcs8.pub -outform pem > test-x509.pem

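You can then load it from your C++ code:

#include <iostream>
#include <memory>
#include <botan/botan.h>
#include <botan/x509_key.h>

using namespace Botan;

int main () {

    // Botan 1.x also needs a LibraryInitializer object created first.
    try {
        // X509::load_key parses the "BEGIN PUBLIC KEY" (SubjectPublicKeyInfo) PEM.
        // Hold the result in a smart pointer so the key is freed on every path.
        std::unique_ptr<Public_Key> key(X509::load_key("path/to/test-x509.pem"));
        std::cout << "Loaded " << key->algo_name() << " public key" << std::endl;
    }
    catch(const std::exception& e) {
        std::cerr << e.what() << std::endl;
        return 1;
    }
    return 0;
}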
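
What the conversion steps above do to the public key, as an added example that is not part of the original gist: this Python code, using only the standard library, parses the ssh-rsa line shown earlier and rebuilds the same SubjectPublicKeyInfo PEM ("BEGIN PUBLIC KEY", not a certificate) that X509::load_key reads. The function names are chosen here for illustration.

```python
import base64
import struct

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL parameters.
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
# The public key line shown earlier on this page; the trailing comment is optional.
SSH_LINE = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqo7znzVRvrDtfA1VxtUsY2Nvq4IJ8ONgYgBeBmIBwG4zIJbATYHlQWAmUHOV6EaPWG8FBo3LXr/rEm5C3HTgx5lc2hLNf+DqnO1/r1aZf+h5iH0dLEOfhCYcdf+i7879oCMuYRtyTmuXYbB0Ptk9H+EPPmNCDC326sI+n3v3/hxozEVYJiwkxJ3YYxjH5eJC5pks72m+U7mxWfMg/P2y8oUDYPHSnDGezScZ0UKovbooHiZjndSKbO9SXFKrBPM8MiIfNvDXLjbYlxt8LwYhqCXyvm0WvDrBYUIm/yA0AUjubgmOTqgz9o0fN0HHimg9ujZe3IpE0IP5vbXNuo5h7 root@SPSE4BETA"

def der(tag, body):
    """Encode one DER tag-length-value element."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def der_uint(value):
    """DER INTEGER for a non-negative int; the extra byte keeps the sign bit clear."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def parse_ssh_rsa(line):
    """Return (e, n) from an 'ssh-rsa <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, off = [], 0
    while off < len(blob):  # blob = three length-prefixed fields: type, e, n
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, off)
        off += 4
        if size > len(blob) - off:
            raise ValueError("field runs past end of blob")
        parts.append(blob[off:off + size])
        off += size
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("unexpected ssh-rsa blob layout")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")

def ssh_rsa_to_spki_pem(line):
    """Rebuild the SubjectPublicKeyInfo PEM ('BEGIN PUBLIC KEY') from the SSH line."""
    e, n = parse_ssh_rsa(line)
    rsa_public_key = der(0x30, der_uint(n) + der_uint(e))  # SEQUENCE { n, e }
    spki = der(0x30, RSA_ALG_ID + der(0x03, b"\x00" + rsa_public_key))  # BIT STRING
    b64 = base64.b64encode(spki).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"
```

Printing ssh_rsa_to_spki_pem(SSH_LINE) gives a file you can compare against test-pkcs8.pub and test-x509.pem.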

PRIVATE

When your partner is using Java, you should use the private key in DER format. E.g. test_private_key is the generated private key. Hence (the -nocrypt option writes the key without encryption, which is the form PKCS8EncodedKeySpec reads):

openssl pkcs8 -topk8 -inform PEM -outform DER -in test_private_key -out test_private_key.der -nocrypt

The Java code to read the private key as PKCS#8 in DER format is as follows:

import java.io.*;
import java.security.*;
import java.security.spec.*;

public class PrivateKeyReader {

  public static PrivateKey get(String filename)
    throws Exception {

    File f = new File(filename);
    byte[] keyBytes = new byte[(int)f.length()];
    // try-with-resources closes the stream even if readFully throws
    try (DataInputStream dis = new DataInputStream(new FileInputStream(f))) {
      dis.readFully(keyBytes);
    }

    // The DER file holds an unencrypted PKCS#8 PrivateKeyInfo structure
    PKCS8EncodedKeySpec spec =
      new PKCS8EncodedKeySpec(keyBytes);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    return kf.generatePrivate(spec);
  }
}
@paschalidi

@diorahman do you know how to do that in js?

@electropolis

That doesn't work.

$ ssh-keygen -f ~/.ssh/id_rsa_sonic.pub -e -m pkcs8 > id_sonic.pem
After that I take that file and convert it
openssl rsa -pubin -in id_sonic.pem -outform pem > id_sonic1.pem
And when I do cat on both I see the same content, no
---- BEGIN CERTIFICATE ----
