What encoding is used for the keys when using `ssh-keygen -t rsa`?












When I run:



ssh-keygen -t rsa


to generate a public/private key pair in files e.g. id_rsa.pub and id_rsa, my understanding is that the public key encodes a prime number p, and the private key encodes a number pq. But when I open these files I don't see human-readable numbers, I see sequences of characters. So my question is simply: what am I looking at? Are these characters directly mappable to numbers and, if so, by what convention/algorithm/encoding?










  • An RSA keypair generates two primes (p and q) and their product n = pq. The public key consists of n and e, the public exponent; the private key must include n and d, the private exponent, but in practice also includes p, q, and several additional numbers. See en.wikipedia.org/wiki/RSA_%28cryptosystem%29#Key_generation .
    – dave_thompson_085
    Jan 6 at 0:03










  • Computers only store numbers as ASCII digits if humans need to read them, otherwise more space efficient methods are available. The Base64 is a mapping onto visible ASCII characters so they could go through any kind of ASCII-based (7-bit) mail system without being distorted.
    – Thorbjørn Ravn Andersen
    Jan 6 at 1:21
















asked Jan 5 at 20:25









Anastasius Vivaldus

1 Answer
The ssh and ssl keys (private and public) are usually stored in the so-called PEM format.




Privacy-Enhanced Mail (PEM) is a de facto file format for storing and
sending cryptographic keys, certificates, and other data, based on a
set of 1993 IETF standards defining "privacy-enhanced mail." While the
original standards were never broadly adopted, and were supplanted by
PGP and S/MIME, the textual encoding they defined became very popular.
The PEM format was eventually formalized by the IETF in RFC 7468.




This format is actually a header, then base64-encoded binary data, and a footer.




Base64 is a group of similar binary-to-text encoding schemes that
represent binary data in an ASCII string format by translating it into
a radix-64 representation. The term Base64 originates from a specific
MIME content transfer encoding. Each Base64 digit represents exactly 6
bits of data. Three 8-bit bytes (i.e., a total of 24 bits) can
therefore be represented by four 6-bit Base64 digits.







  • Note ssh-keygen uses (several) PEM formats but never the one(s) in 7468. In the past for RSA it defaulted to OpenSSL's two 'traditional' (aka 'legacy') formats, either unencrypted which is 7468-like except containing PKCS1, or password-encrypted which is 1421-like with Proc-type and DEK-Info and base64 of encrypted PKCS1, but not 7468-like. Since 7.8 it defaults to OpenSSH's own 'new format' (previously invoked by option -o) which is 7468-like but the contents are entirely different (XDR-style not ASN.1). There are numerous Qs about these already on several Stacks.
    – dave_thompson_085
    Jan 6 at 0:08










  • @dave_thompson_085, thank you for the clarification. May I quote your comment in my answer?
    – Romeo Ninov
    2 days ago











answered Jan 5 at 20:48









Romeo Ninov
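
As an added example (not part of the original answer or comments), this sketch answers the "are these characters mappable to numbers" part for the public key file: `id_rsa.pub` is one line of key type, base64 blob and comment, and the blob holds length-prefixed fields (RFC 4253 `string` and `mpint`) carrying e and n. The sample key line, its toy modulus and the function names are constructed for illustration.

```python
import base64
import struct

# Constructed sample in id_rsa.pub layout: "<type> <base64 blob> <comment>".
# Toy key (n = 251 * 241 = 60491, e = 65537), far too small for real use.
SAMPLE_PUB = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAAwDsSw== demo@example"


def read_field(blob, offset):
    """Read one length-prefixed field: 4-byte big-endian length, then data."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[offset + 4:end], end


def parse_rsa_pub(line):
    """Return (e, n) from an 'ssh-rsa' public key line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, off = read_field(blob, 0)
    # The type appears twice: in clear text and inside the blob. Both must agree.
    if key_type != b"ssh-rsa" or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    e_raw, off = read_field(blob, off)
    n_raw, off = read_field(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    # mpint: big-endian two's complement; a leading 0x00 keeps n positive.
    e = int.from_bytes(e_raw, "big", signed=True)
    n = int.from_bytes(n_raw, "big", signed=True)
    return e, n


def mpint(value):
    """Encode a non-negative integer as a length-prefixed mpint."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big") if value else b""
    return struct.pack(">I", len(raw)) + raw


def build_rsa_pub(e, n, comment="demo@example"):
    """Inverse of parse_rsa_pub, to show the mapping is only an encoding."""
    name = b"ssh-rsa"
    blob = struct.pack(">I", len(name)) + name + mpint(e) + mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


if __name__ == "__main__":
    e, n = parse_rsa_pub(SAMPLE_PUB)
    print("public exponent e =", e)
    print("modulus n =", n, "(%d bits)" % n.bit_length())
```

The `AAAAB3NzaC1yc2E` prefix seen at the start of every RSA public key is simply the base64 of the four length bytes followed by the ASCII string `ssh-rsa`.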
