I'm trying to use Net::SSH2 to execute commands on a remote machine. However, I do not know how to authenticate by using a public key. The documentation mentions this method:
auth_publickey ( username, public key, private key [, password ] )
However, it requires both a public key and a private key. Is there anyway that I can authenticate by just using a public key? Thanks!
That makes no sense. "Everyone" has your public key. It can't be used to authenticate you.
Related
I'm following this guide to update Github's dependabot secrets using their newly released API.
There's a part that says I need to encrypt my secret value using a public key
...
const key = "base64-encoded-public-key";
const value = "plain-text-secret";
// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');
...
My question is, where does this public key come from? I don't recall setting up any keys when configuring dependabot for my repo.
Looking through the dependabot API docs I realized there's also an endpoint to get your repository's public key which gives you the public key to be used. I missed it initially.
I use python pycryptodome rto generate my private and public key. This is one example of a public key that I am generating:
(n=0xf56efd1888065abb3ef6e6b1e6e0039ff1fa0b09e1f1ab9869ad933e1f48527c182957f9a767110524c362ac4c460f752d2011ef827ed9680fe58a078f3e8355d9bea6e1285a7a51b3f5022c66f72331a1053fb8a0033b28838026fadfa11da8b0bcb98476ef1c80f53f9814762c1191965733f883ee1d686624123b28140b5b91fcadf33bfe02e196e0f10bdd80cd5babbd6c10179a84d9325424d2b365f7a8274ce6c454b582dba3289c3cea83ae117c5567dba33a1434b9276dc4ab88fbeec68483913fe6c70424aa19165f19d6d7f158eafedbd81046a7bcdd46be0b4ef8f86069a28a98c78e38ff0f413b1cf76aac674f1c04c7b5ff23540f12398c3927, e=0x10001)
I generate it using this piece of code:
keyPair = RSA.generate(bits=2048)
publicKey = f"(n={hex(keyPair.n)}, e={hex(keyPair.e)})"
Somehow, this doesn't look correct to me, because usually, when I create a key using mac os or other method, I have something like
---BEGIN PRIVATE KEY aksdjbvioasv.....(key itself here....) ---END PUBLIC KEY
What am I msising so that my RSA key is generated correctly?
I solved it by doing
pubKey = keyPair.publickey()
pubKeyPEM = pubKey.exportKey()
print("pubKey PEM is:")
print(pubKeyPEM)
Now I get the proper format, that I can now write into a file!
I'm writing a powershell script where I need to verify the signature of a string using public / private key cryptography. I looked around and only found a "untested" demo of RSA implemented directly in powershell.
Is it possible to use a secure RSA implementation in powershell and if not, are there any other private / public key signature algorithms available?
Can you use .Net objects in your script? Just instantiate a .Net RSACryptoServiceProvider object and load your public and/or private key information. Then you can call any of the Encrypt, Decrypt, SignData or VerifyData functions, as you would in, say, C# code.
$rsa = New-Object -TypeName System.Security.Cryptography.RSACryptoServiceProvider
$rsa.FromXmlString("<RSAKeyValue>your public / private key info here</RSAKeyValue>")
$bytes = GetYourDataAsByteArray()
$decryptedBytes = $rsa.Decrypt($bytes, $true)
// don't forget to dispose when you're done!
$rsa.Dispose()
Using windows CryptoAPI, is it possible to get public RSA key from a private key which was imported (not generated)?
If I use CryptGenKey, I can call CryptExportPublicKeyInfo and CryptImportPublicKeyInfo to obtain the public key handle. However, when I try to do the same thing with private key decoded from PEM and imported using:
CryptImportKey(hCSP, pKeyBuf, cbKeyBuf, 0, CRYPT_EXPORTABLE, &hPrivKey)
import of the private key succeeds and I have a valid handle but the subsequent call to CryptExportPublicKeyInfo fails with "Key does not exist" error. It looks like there's another call missing between CryptImportKey and CryptExportPublicKeyInfo, but I can not find that API call.
The problem with exporting/importing the public key was because private key was generated using AT_SIGNATURE, instead of AT_EXCHANGE. See the explanation and the example code
I have a public key and an encrypted string. I could encrypt with the publickey successfully.But when i try to decrypt using the publickey it fails. I mean when i pass the publickey toseckeyDecrypt it fails.
I have Googled and found out that, by default kSecAttrCanDecrypt is false for public keys.So When i import the public key, i have added this particular line ,
[publicKeyAttr setObject:(id)kCFBooleanTrue forKey:(id)kSecAttrCanDecrypt];
But there is no improvement it still fails. Please somebody help.
EDIT:
Apple's Certificate,Key and Trust Services Says,
kSecAttrCanEncrypt Default false for private keys, true for public keys.
kSecAttrCanDecrypt Default true for private keys, false for public keys.
Which means, the values can be changed right?. My server does not sign(Convert as a digest) the content. They just encrypt using the private key which is to be decrypted at my(in iphone) end. Is that possible?.
The point of asymmetric cryptography is that you encrypt with the public key and decrypt with the private key.
EDIT: If you're signing and verifying, you should use the associated APIs. For example, you can check this capability with kSecAttrCanSign and kSecAttrCanVerify.