Couldn’t load private key(unrecognized data type) while trying import pem file generated using PKCS8Generator

ssh

I am creating a KeyPair with the below mentioned spec using java(KeyPairGenerator)

OpenSSH public key format
Base64 encoded DER format
SSH public key file format as specified in RFC4716

The public generated is validate and the private key is stored in a pem file using PKCS8Generator is not valid.When i try to import the pem file in puttygen amd getting an error saying "couldn't load private key(unrecognized data type) ",Below is the sample code

KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048, new SecureRandom());
KeyPair kp = kpg.generateKeyPair();
Key publicKey =  kp.getPublic();

String publicKeyEncoded = "---- BEGIN SSH2 PUBLIC KEY ----" + "\n" +
                       new String(Base64.getEncoder().encode(publicKey.getEncoded())) + "\n"+
                           "---- END SSH2 PUBLIC KEY ----";


//Get Private Key and store to pem file.
Key privateKey = kp.getPrivate();
PKCS8Generator encryptorBuilder = new PKCS8Generator((PrivateKey) privateKey);
PEMWriter writer = new PEMWriter(new FileWriter(new File("D:/pk.pem")));
PemObject obj = encryptorBuilder.generate();
writer.writeObject(obj);
writer.flush();
writer.close();

Can you please help me on this.
V

Best Answer

PuTTY does not support PKCS#8 format – only "raw" PEM (PKCS#1) keys and SSH.com "RFC4716-like" private keys. (Recent versions also support the new OpenSSH "bcrypt" format.)

In other words, the file needs to have one of the following headers:

PuTTY-User-Key-File-2: <key_type> (PuTTY .ppk)
-----BEGIN RSA PRIVATE KEY-----
-----BEGIN DSA PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- (SSH.com)
-----BEGIN OPENSSH PRIVATE KEY----- (OpenSSH)

Confusingly, people use the same ".pem" extension for both PKCS#1 and PKCS#8.

(A possible reason for PuTTYgen's lack of support is that OpenSSH's ssh-keygen always writes out PKCS#1, so nobody needed PKCS#8 support until now.)

Related Solutions

Linux – How to use SSH Public Key with PuTTY to connect to a Linux machine

You have to follow these properly.

Configure the Public Key in SSH Server

Copy the public key in to SSH Server via SFTP

put publicy_key

ls -l public_key

Since the public key does not have any permissions, change it to 400 (for read)

chmod 400 public_key

Use ssh-keygen tool to create openSSH format public key

ssh-keygen -if public_key > public_key_openssh_format

Add the created openSSH public key to authorized_keys files

cat public_key_openssh_format >> ~/.ssh/authorized_keys

Check the permissions of .ssh folder and authorized_keys file for access permissions

ls -al ~/.ssh

Verify the Key Pairs with PuTTY

Now, the key based authentication can be verified with PuTTY. Enter the host name and port

Select the private key (.ppk)

Confirm the Security alert

If the configuration is correct, the connection will be established successfully

If you are still stuck. Then you have to re-create the user and follow the steps and configure the public key again.

The user can be recreated using the following command:

Make a copy of the user folder and delete it before recreation.

yast2 users add username=userName cn=" User for test" password="password" gid=100 grouplist=dialout,video type=local

Linux – Did I just send the private ssh key

No, you didn't send your private key. What SSH does here is just group the public and private keys by their name. For example, id_rsa refers to the keypair id_rsa and id_rsa.pub.

"Offering public key" means that it sends your id_rsa.pub to the server. The server then generates an encrypted auth token using the public key.

When it says "trying private key", it will try to decrypt that authentication token with the corresponding private key, and send that back to the server for verification.

Best Answer

Related Solutions

Linux – How to use SSH Public Key with PuTTY to connect to a Linux machine

Linux – Did I just send the private ssh key

Related Question