On Fri, Apr 13, 2007 at 02:33:36PM -0700, Nathaniel Smith wrote:
> I believe it's actually exactly the same format that ssh uses by
> default... but maybe different headers or something? (It has some
> official name too, some complicated acronym...)
This is probably more information than you wanted:
There's a standard (of sorts) named PKCS #1 that specifies the format of an
RSA key (ie what numbers are included in the file, what order,
etc). If it's an "RSA PRIVATE KEY", it's just the bare PKCS #1 struct
base64'ed. If it's an "ENCRYPTED PRIVATE KEY", it's PKCS #1 with some
crypto wrapper goop from PKCS #8 (though actually any sort of key, eg
DSA or DH could be in there, however I guess Monotone can ignore that
possibility since it only generates RSA keys). If it's "RSA PRIVATE
KEY" with something like "Proc-Type: 4,ENCRYPTED", it's PKCS #1
wrapped in some sort of undocumented (AFAIK) OpenSSL-specific format.
The OpenSSL decoder functions handle all three transparently, IIRC,
which is why ssh-agent accepts all of them without problems. If you
guys have some burning need to get the OpenSSL format I can probably
whip up something to encode/decode RSA keys sometime in the next
couple of weeks. http://netsieben.com/products/sshlib/ might already
have an implementation of it, but I haven't checked.
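
The three encodings described in the message above can be told apart from the PEM label and headers alone. The following is an added example, not code from the original post, Monotone or OpenSSL: it classifies a PEM block and, for a bare PKCS #1 key, lists the integers in PKCS #1 order. The names `armor`, `read_tlv`, `classify` and the toy key are constructed for illustration.

```python
import base64
import re

PKCS1_FIELDS = "version n e d p q dP dQ qInv".split()  # RSAPrivateKey order
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----", re.S)

def armor(label, body, headers=""):  # build a PEM block for the samples
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

def read_tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def classify(pem_text):
    """Return (kind, fields); fields is set only for a bare PKCS #1 key."""
    m = PEM_RE.search(pem_text.replace("\r\n", "\n"))
    if not m:
        raise ValueError("no PEM block found")
    label, inner = m.group(1), m.group(2)
    head, sep, rest = inner.partition("\n\n")  # headers end at a blank line
    headers = dict(l.split(": ", 1) for l in head.splitlines()) if sep else {}
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted", None
    if label != "RSA PRIVATE KEY":
        return "other", None
    if headers.get("Proc-Type") == "4,ENCRYPTED":
        return "openssl-pem-encrypted", None
    tag, seq, _ = read_tlv(base64.b64decode(rest if sep else inner), 0)
    if tag != 0x30:
        raise ValueError("expected DER SEQUENCE")
    ints, pos = [], 0
    while pos < len(seq) and len(ints) < len(PKCS1_FIELDS):
        tag, val, pos = read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected DER INTEGER")
        ints.append(int.from_bytes(val, "big"))
    return "pkcs1-bare", dict(zip(PKCS1_FIELDS, ints))

# Constructed toy key (p=61, q=53), far too small for real use.
TOY_DER = bytes.fromhex("301d02010002020ca102011102020ac102013d020135020135020131020126")
TOY_PEM = armor("RSA PRIVATE KEY", TOY_DER)
```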