Search code examples
javabouncycastlessh-keyspublic-keyauthorized-keys

How to do I convert the PublicKey to OpenSSH authorized_keys format

Here is the code to get the public key. I need to convert the public key to OpenSSH format to add it to the authorized_keys file in Linux. How can I do that?

KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA", "BC");
kpGen.initialize(1024, new SecureRandom());
KeyPair keypair = kpGen.generateKeyPair();

I did use PEMWriter. But it didn't give the output string in proper format.

Solution

  • @gotoalberto's answer for a different question:

    If you want reverse the process, i.e. encode a PublicKey Java object to a Linux authorized_keys entry format, one can use this code:

    /**
 * Encode PublicKey (DSA or RSA encoded) to authorized_keys like string
 *
 * @param publicKey DSA or RSA encoded
 * @param user username for output authorized_keys like string
 * @return authorized_keys like string
 * @throws IOException
 */
public static String encodePublicKey(PublicKey publicKey, String user)
        throws IOException {
    String publicKeyEncoded;
    if(publicKey.getAlgorithm().equals("RSA")){
        RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
        ByteArrayOutputStream byteOs = new ByteArrayOutputStream();
        DataOutputStream dos = new DataOutputStream(byteOs);
        dos.writeInt("ssh-rsa".getBytes().length);
        dos.write("ssh-rsa".getBytes());
        dos.writeInt(rsaPublicKey.getPublicExponent().toByteArray().length);
        dos.write(rsaPublicKey.getPublicExponent().toByteArray());
        dos.writeInt(rsaPublicKey.getModulus().toByteArray().length);
        dos.write(rsaPublicKey.getModulus().toByteArray());
        publicKeyEncoded = new String(
                Base64.encodeBase64(byteOs.toByteArray()));
        return "ssh-rsa " + publicKeyEncoded + " " + user;
    }
    else if(publicKey.getAlgorithm().equals("DSA")){
        DSAPublicKey dsaPublicKey = (DSAPublicKey) publicKey;
        DSAParams dsaParams = dsaPublicKey.getParams();

        ByteArrayOutputStream byteOs = new ByteArrayOutputStream();
        DataOutputStream dos = new DataOutputStream(byteOs);
        dos.writeInt("ssh-dss".getBytes().length);
        dos.write("ssh-dss".getBytes());
        dos.writeInt(dsaParams.getP().toByteArray().length);
        dos.write(dsaParams.getP().toByteArray());
        dos.writeInt(dsaParams.getQ().toByteArray().length);
        dos.write(dsaParams.getQ().toByteArray());
        dos.writeInt(dsaParams.getG().toByteArray().length);
        dos.write(dsaParams.getG().toByteArray());
        dos.writeInt(dsaPublicKey.getY().toByteArray().length);
        dos.write(dsaPublicKey.getY().toByteArray());
        publicKeyEncoded = new String(
                Base64.encodeBase64(byteOs.toByteArray()));
        return "ssh-dss " + publicKeyEncoded + " " + user;
    }
    else{
        throw new IllegalArgumentException(
                "Unknown public key encoding: " + publicKey.getAlgorithm());
    }
}

    The @gotoalberto's code is implemented for RSA and DSA keys only. If you need other keys, you have to add them yourself.