Generating RSA Keys

Options
rwxjon
rwxjon
Community Member
in SSH

Hi, I am trying to generate a couple of keys to sign some URLs in cloudfront, according to the aws documentation, using the commands to generate the keys works perfectly,

openssl genrsa -out private_key.pem 2048 <-- private key

openssl rsa -pubout -in private_key.pem -out public_key.pem <-- public key

the problem is when I generate them in 1Password, I specify RSA type and a lenght of 2048, but the public key that generates is different, compare with the one I create manually.

the ones I generate manually start with a header -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY-----

Example of a manually generated key
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3K+LBj3pC4JaQD48r8E QhI9YaSoO3PBDmiTQyOrVxY7JJQqv31aYCManKNupe9H/geK7HHzoNkFeyIq+rTB 9KaD3a2tLFZs6T6IsT0UBlzFNNjC1lSrGYOKaF31n+hEWrtLMG0m8f/cahT8/Syq yG8IfpdpF7zLqWbdGt7JS9+Qj0hfLIt8SDlJ92gs9A5giY3VyRlteMk/l3Ky80Te YdReUqw8EoVUcT81uRp6KgPqpgJ4YMvMsaVnfu2xzJJan4ydByF0Djvzx0PQbNuu F1xIDJqJv7VQI/vQsiqjm7To60ybZJUMrARgkpTp9tPV6COqR28FR6Og4raqhyMK UQIDAQAB -----END PUBLIC KEY-----

Example of a key generated with 1password

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWoM3Q9/IXdU6K3io70H21xnK0QJkdAcRycv/ksWXX4UxQ/hXTNRNORpqZZv2QIv9oFvypLIm9wfouPvt1C8fKvysOeKjjGLl8FFEdlsZT/PY97C9BTldcCr1HP3B7+hzcyY1nKaSSK7uyxXFzSi8qf6knnyK6rh6euVJ4eu7UgDlbgR7Z6aH25bh3uwuBV2bIDjIGV0lXr5yfKTLli5MbLAHAPW6pnu9dA2/6dzEBnOwLyRzkuWmE53+PrA7EM3uLTtFiCK4naVx7SGC8TNefkHCMFJJub4pR9FY+CRoHffHYej2Rk2ijHCAM6mTU6AeNQ5mOwz2yX4DVvIqm+qNp

the ones generated automatically in 1Password don't have it and when I try to add it I get an error:

Your request contains empty/invalid/out of limits RSA Encoded Key

Comments

  • amaridev
    amaridev
    Community Member
    Options

    What you are requesting is called PEM format, PKCS#8 to be more specific.

    Unfortunatly 1Password doesn't allow the export in different formats. You have to convert it yourself.

    Easiest solution is to save it to a file and then convert it with ssh-keygen. If you use the 1pw cli tool you can also pipe it directly into ssh-keygen.

    ssh-keygen -f key.pub -e -m pem