The Rust Programming Language Forum

How Generate SSH Public & Private Key Pair?

genedna November 18, 2017, 4:25pm 1

I Use openssl and pem generate SSH key, and got private key data. But I couldn't find a way encode public key data to PKIX format.

extern crate openssl;
extern crate pem;

use openssl::rsa::Rsa;
use pem::{Pem, encode};

fn main() {
  // Generate a new 4096-bit key.
  let rsa = Rsa::generate(4096).unwrap();

  let public_key = rsa.public_key_to_der().unwrap();
  let private_key = rsa.private_key_to_der().unwrap();

  let private_pem = Pem {
    tag: String::from("RSA PRIVATE KEY"),
    contents: private_key,
  };
  let private = encode(&private_pem);

  println!("{}", private);
}

The program will print private pem data like this,

-----BEGIN RSA PRIVATE KEY-----
MIIJKAIBAAKCAgEA3xLeYYMmdqDrmqR07ja+Xe5l0CiIXlWLkg0igXxYNHqUMpto
M4XVmTTVYIfjKabf1Pj7ik+fJ+EMS8jcKq/wlEIbJtRFC+cqmZ3TlFYW+SqfEjKJ
P1SuGZV10umrQK2vau9A0HZC8DZ/Naq2DjeNlbuIvWI0Ivp9iy2hMzsDud/u4Y/1
JVJ3pxcWSKqmfPZ4r/qIeT0Y47k7i0Jls03eX1Fs3HcpHpIBRDFJ8pFb3CRGhtxI
V3LuLx616xKquxAPM/VOxIqmI1sSxz9DGNa2G3lm48DbxkvlqDdCuFTc8zNQteqI
Kt4OdZfBv5dbBuI4v47hnU4zkQ/LYMlr+m45Ys1YAsCq5fRbejB4BVLHvllVVYVR
gBrmPWZ9zAbTKGDl3093exF6anUR5Mn7svFwyGMLjWbkSoM+k97Vdd0swLGS2gui
A65qs4OvwtsgCMqULSQznFGxh/UoS3onZzW0V+XcLflCJkonY8uJqmsd6jO3h254
otkExKvPJYCmzBTe7NtDFbv0o3uqbZfqavWFkQ/ACSWjiDzNN+5KZp1o7gqr08aM
kMsSs3Fw9f6cCrVhEZHYCi3zaNzbDFoXPYKSrukdNmh+VyHcPXsjb377WPtfNHJ3
FNb1DpTFttbQCeDYcboHYQ9QYJ8NINuiSlKg4WCdTm3GEM9Ubk06ZKuSjNUCAwEA
AQKCAgAdDEH1BLT/gZjsfDnVwz8q0B5l6sFHN3CDRj6WCfEadFPT+zSocOcNmjmm
5ksIY3iGLR3kNtYMxVtqiu9Qh7SWOb17YuzSzflYI5snl8ZKD+jC393LZ2V8Y2AC
ZPct5vAOxrTz8FJrIU2TWXV3iHhhZRg7QQx0+ZVbiEeTej3T+HsM2Egd4g0+rtzx
/XbMkvPIRqF62B/jl31PdwfzP1KTqvC4DLRIDM8paBmvAoqpsfeVHB43dPnbHO6n
e7jLvx2bsHffVAaqV/OsCmrcUylHjpl9UuHLgpqXOwrvIe3bpXT/G1k768qKOYa7
QiRSUyb8msh6SXKhkyLyqYfsBmpmWuGkjPjdID+PkF0LnFY+iENlki2zjyG5Ys8G
O9M8NRpvPv+Y/67JkfcMKWtIDbfz+dyQC+QEhY4fDzc7oYr0Sxyb+n1MmbYw3W7A
rzmVS6iN9TJfvdBXnIpMN4sMXolXzOEzlvnZhr8AcL8bHocjLBLPD8F5TR+NHJGQ
AIB+X0zIorKkY8YbaZyFq3LvlG9DdgXzWSdw2Ihdez50yXLlh0ROHlfAwjjPSxd0
S5gVsa7HEu6f7GJbYfrUKLM4BF3dLoDCkgr+mgbXrFcf/Ek5uRrIHGPjniccVMzE
3OgEIq7EvnQI6swoKmccd0cgsN2aBAcDl3qqQGxg/H/joLjPgQKCAQEA/8Fvdkrn
Lf1Hon/wqmFTy9sjsR8nzkcIb6C4GsS6kWrSBp4uLWudMZSHKp6EXW0zpvyO4eke
kIhAksfpVxf38IvSbr55DwNiecKtWcNSd44wsvDvSVPLv4vP3hkro5GJTvd+G8OD
1JFjm8X4r+1nDYrzawyucfIZizdjGHMo/8n/VBfbz5h6ANTNPS0e3nDh1OpxzddE
t3SzOJruSftCGK/tnQKtpz2X6kStW4z2zFtg7isAJpZWNrUQsJICmXQQ2ptA9a1X
1L5BRzApqp+Sv35sYMfdIjIKFWXZgnovXjxm2AbQ7PJYjNjJPIu1CWFR1iKBSgfi
PIyIqmJj6UkO0QKCAQEA30lwPB0Y9Z+ocpfJ+3AcAOkSKgMEOIuDTV1RCCZtFJN1
oigTBFd6ge0iF9ntksD+z9dC5ogWmkKEF9klydu7ywUEZm9MQdje0al3PQT7wvqo
k5FcksXYJAkNORXaz5RtkgDuQUifroFyXX6VbKXfQ/4MOh8RqZUH/xhfSvgYcHrc
n/f1J/r+eLyR5X2NJNq7biXiPnTKZCHNYDGor1nIrZglMqlpaQUeSm9v16nTuORP
Ve5ZMTtcywoFZUOxmAJu46w5KLw4NMaUvEuyMt/xmcFtcOWiE5evuhOuPiu0odcI
/H8sCX89cz0TVclACHHPcnNfkslZYJsZJU6rfL1GxQKCAQEAouqCaRUPrGECB8Z9
9NqouVvvoX1aKvFes1Tq0cptmgI0pZiPi8lYSeP2MjTl1mmglIefMNMB8EmK8LU9
s4gGHYnD012r2d9rFGrpaBue5Z+C8AnAM7KYQHz8PdtEzB4CHHZVM7RYvsiabfkv
EEom8h6ILrHWUalJkkAG9OUuwbnX1qaYE+ZqGSt1Tbn3RvUbNjjdo6S0FjTVkYJH
toLCON2ge/rfyX/XzJhQ4deqwsSWu0BTCUGMy66NYhywYTXpIofxWk5Ae7lx9bn9
YL3jie4rdX77IzRC7hyB8LaKg/nv/T5iSf2aYKYbkmDgQohmzAQQ3aql97IBwJ+K
S2mJcQKCAQBhyCtaZ/OyPQTrigVuEx5wV6EYvNFwYchSbPc7dnh2dk0hgiMx141S
sKIph8o+Zj4wjrhBdH9RdqeaOgIOcCfBNKVEpqDihTKu5mPNWQ1XyaVhWlsL+5A3
167uvN9h4EJLmhS8ii1DonSO9QxC1DD9+ZcpLMnzVcx2rhmtHxC00VkkxNWbeJNQ
FGRf96eD6DYEepqld0faqeLiqVyRzePQAbzofsAmuZMWTc7QxxJs+a60lviAUtrE
H9NVEVwIkag2FAnECQkkM4KXIx8aoG+RQd/HfQiJQ/g0qMG5gDJOXXkV+isyzYH/
oVOCUeu0xwJtwJCuG3cEk2djqxv2OH1xAoIBAASx88vg7V3EwhBqqQRtSwnIZYhH
p+CIBInrSLJqWHrfCUae+IO6P7TAmkkgHtrTouHILY9vFiMX9KytjDGI463CJLPK
mD9RRzJl4tnKa5nPukINDOkRjErmS3UcO/lFRvQFSH8HUhk3Dwrtiuxpp/aqMMxa
VgXqpTUkGkZom42D8SuTcWuNQ8PfaaqDCGa0XRw0nJrxAlT1ov1Xao8wU/q5QfhO
IF3w+N/IhFx6Z2v21rlm9Eech5L6T3ZlItrSfBf7rYpHw+VhGgFcBXZZLr0OQT2A
shk5sPDyKzu0YFl/7afqb7H7D6Cb1Sm44L+P3CVxD7P13FCHdVtB2AAkmng=
-----END RSA PRIVATE KEY-----

1 Like

frehberg November 18, 2017, 8:19pm 2

PKIX is probably the binary DER format. You can transform PEM to DER the following way:

openssl x509 -in certificate.pem -inform pem -out certificate.der -outform der

genedna November 19, 2017, 4:05am 3

Yeah, I know the command. I just want to do it with Rust.

genedna December 2, 2017, 6:06am 4

Finally, I resolved the question.

Actually, I want to generate SSH2 format public key and PEM format private key for the SSH connection. There are some demo codes in my rust-learning repository. Also I am working on submitting some PRs into openssh-keys #9 .

1 Like

morgana November 2, 2021, 1:28pm 5

Hey there!
I have the exact same problem and the links you provided seem to be unavailable now. Do you remember the solution? Can you please share it with me too?

Never mind, found the new link: Found the new location: https://github.com/genedna/rust-learning/tree/master/os/ssh/keygen
Thanks!

Topic		Replies	Views	Activity
RSA Key pair generation in Rust help	7	639	February 18, 2024
Parsing a PEM file into raw bytes help	4	3783	December 24, 2020
[solved] Which crates to use for RSA key pair generation and signing/verification help	2	2251	January 12, 2023
Using openssl RSA to encrypt and decrypt but got the different results help	3	1735	February 25, 2022
How to decode private key from PEM and how to extract the Public Key help	21	2467	October 25, 2023