[paramiko] validating openssh public key
james bardin
jbardin at bu.edu
Mon Mar 2 16:21:50 PST 2009
Hi Jonathan,
2009/3/2 Jon Sabo <jonathan.sabo at gmail.com>:
> List,
>
> Are there any parts of paramiko that can assist in validating openssh public
> keys? I wrote a simple menu system to allow myself (or others) to paste in
> a public key and have it written to a file. I want to be able to validate
> certain properties of the public key like number of bits, type (dsa,rsa),
> and make sure it's in the correct format. Any advice, tips, code, links...?
>
Had a little more time to look into this, and this is what paramiko checks:

The data portion of the keyfile is decoded from base64, or it fails
with a base64.binascii.Error

The first 4 bytes are unpacked (an int), and returns 7, which is the
length of the following string (I guess this could change, but we only
support ssh-rsa and ssh-dss, both 7 characters).

So basically:
In [21]: openssh_pubkey = open('keyfile').read()
In [22]: type, key_string, comment = openssh_pubkey.split()
In [23]: data = base64.decodestring(key_string)
In [24]: data[4:11] == type
Out[24]: True
-jim
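
Added example, not part of the original message and not paramiko's own code: a Python 3 validator that performs the two checks described above (base64 decode, then the length-prefixed type string must match the prefix) and goes further by reading the remaining length-prefixed integers to report the key size the question asked about. The function names and the sample key line are hypothetical and constructed for the demonstration; the sample is not a real key.

```python
import base64
import struct

SUPPORTED = {"ssh-rsa": 2, "ssh-dss": 4}  # key type -> number of integers after the type string


def read_string(blob, offset):
    """Read one length-prefixed field: 4-byte big-endian length, then that many bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    end = offset + 4 + struct.unpack(">I", blob[offset:offset + 4])[0]
    if end > len(blob):
        raise ValueError("length field runs past end of key data")
    return blob[offset + 4:end], end


def validate_pubkey(line):
    """Return (key_type, bits, comment) for one public key line, or raise ValueError."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64, comment = (fields + [""])[:3]
    if key_type not in SUPPORTED:
        raise ValueError("unsupported key type: %r" % key_type)
    # binascii.Error is a subclass of ValueError, so bad base64 surfaces as ValueError too.
    blob = base64.b64decode(b64, validate=True)
    name, offset = read_string(blob, 0)
    if name != key_type.encode("ascii"):
        raise ValueError("type inside key data does not match the prefix")
    mpints = []
    for _ in range(SUPPORTED[key_type]):
        raw, offset = read_string(blob, offset)
        mpints.append(int.from_bytes(raw, "big"))
    if offset != len(blob):
        raise ValueError("trailing bytes after key data")
    # ssh-rsa stores (e, n); ssh-dss stores (p, q, g, y). Size is taken from n or p.
    size_source = mpints[1] if key_type == "ssh-rsa" else mpints[0]
    return key_type, size_source.bit_length(), comment


def constructed_rsa_line(bits=2048):
    """Build a CONSTRUCTED ssh-rsa line (arbitrary odd integer, not a real key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = (1 << (bits - 1)) | 1
    n_bytes = b"\x00" + n.to_bytes(bits // 8, "big")  # leading zero keeps the integer positive
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(n_bytes)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " demo@example"
```

The validator checks structure and size only; it does not test that the modulus is a usable RSA modulus, so a minimum-size policy should be applied to the returned bit count by the caller.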