Subversion Repositories planix.SVN

.EQ

delim $$

.EN

.TH DSA 8

.SH NAME

dsagen, asn12dsa, dsa2pub, dsa2ssh \- generate and format dsa keys

.SH SYNOPSIS

.B auth/dsagen

.\" [

.\" .B -b

.\" .I nbits

.\" ]

[

.B -t

.I tag

]

.PP

.B auth/asn12dsa

[

.B -t

.I tag

]

[

.I file

]

.PP

.B auth/dsa2pub

[

.I file

]

.PP

.B auth/dsa2ssh

[

.B -c

.I comment

] [

.I file

]

.SH DESCRIPTION

Plan 9 represents a DSA (Digital Signature Algorithm)

key as an attribute-value pair list

prefixed with the string

.BR key ;

this is the generic key format used by

.IR factotum (4).

A full DSA private key has the following attributes:

.TF secret

.TP

.B proto

must be

.B dsa

.TP

.B !secret

decryption key

.TP

.B p

modulus, a large prime

.TP

.B q

group order, another large prime that divides

.I p

- 1.

.TP

.B alpha

group generator

.TP

.B key

$"alpha" sup secret ~ mod ~ p$

.PD

.LP

All the numbers are in hexadecimal.

A DSA public key omits the attributes beginning with

.LR ! .

A key may have other attributes as well (for example, a

.B service

attribute identifying how this key is typically used),

but to these utilities such attributes are merely comments.

.PP

For example, a private key and corresponding public key might look like this

(with [⋯] indicating elisions and \e marking line breaks for readability):

.IP

.EX

key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F \e

	!secret=9E[⋯]3B

key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F

.EE

.LP

Note that the order of the attributes does not matter.

.PP

.I Dsagen

prints a randomly generated DSA private key

whose

.B n

has exactly

.I nbits

(default 1024)

significant bits.

If

.I tag

is specified, it is printed between

.B key

and

.BR proto=dsa ;

typically,

.I tag

is a sequence of attribute-value comments describing the key.

.PP

.I Asn12dsa

reads an DSA private key stored as ASN.1

encoded in the binary Distinguished Encoding Rules (DER)

and prints a Plan 9 DSA key,

inserting

.I tag

exactly as

.I dsagen

does.

ASN.1/DER is a popular key format on Unix and Windows;

it is often encoded in text form using the Privacy Enhanced Mail (PEM) format

in a section labeled as an

.RB `` DSA

.B PRIVATE

.BR KEY .''

The command:

.IP

.EX

auth/pemdecode 'DSA PRIVATE KEY' | auth/asn12dsa

.EE

.LP

extracts the key section from a textual ASN.1/DER/PEM key

into binary ASN.1/DER format and then

converts it to a Plan 9 DSA key.

.PP

.I Dsa2pub

reads a Plan 9 DSA public or private key,

removes the private attributes, and prints the resulting public key.

Comment attributes are preserved.

.PP

.I Dsa2ssh

reads a Plan 9 DSA public or private key and prints the public portion 

in the format used by SSH:

.L ssh-dss

and a long base-64 encoded number.

.EQ

delim @@

.EN

For compatibility with external SSH implementations, the public keys in

.B /sys/lib/ssh/keyring

and

.B $home/lib/keyring

are stored in this format.

.br

.ne 4

.SH EXAMPLES

Generate a fresh key and configure a remote Unix system to

allow use of that key for logins:

.IP

.EX

auth/dsagen -t 'service=ssh' >key

auth/dsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'

cat key >/mnt/factotum/ctl

ssh unix

.EE

.SH SOURCE

.B /sys/src/cmd/auth

.SH "SEE ALSO

.IR ssh (1),

.IR factotum (4),

.IR pem (8),

.IR rsa (8)

.SH BUGS

There are too many key formats.