delim $$ NAME dsagen, asn12dsa, dsa2pub, dsa2ssh - generate and format dsa keys SYNOPSIS auth/dsagen [ -t tag ] auth/asn12dsa [ -t tag ] [ file ] auth/dsa2pub [ file ] auth/dsa2ssh [ -c comment ] [ file ] DESCRIPTION Plan 9 represents a DSA (Digital Signature Algorithm) key as an attribute-value pair list prefixed with the string key; this is the generic key format used by factotum(4). A full DSA private key has the following attributes: proto must be dsa !secret decryption key p modulus, a large prime q group order, another large prime that divides p - 1. alpha group generator key $"alpha" sup secret ~ mod ~ p$ All the numbers are in hexadecimal. A DSA public key omits the attributes beginning with `!'. A key may have other attributes as well (for example, a service attribute identi- fying how this key is typically used), but to these utili- ties such attributes are merely comments. For example, a private key and corresponding public key might look like this (with [⋯] indicating elisions and \ marking line breaks for readability): key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F \ !secret=9E[⋯]3B key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F Note that the order of the attributes does not matter. Dsagen prints a randomly generated DSA private key whose n has exactly nbits (default 1024) significant bits. If tag is specified, it is printed between key and proto=dsa; typi- cally, tag is a sequence of attribute-value comments describing the key. Asn12dsa reads an DSA private key stored as ASN.1 encoded in the binary Distinguished Encoding Rules (DER) and prints a Plan 9 DSA key, inserting tag exactly as dsagen does. ASN.1/DER is a popular key format on Unix and Windows; it is often encoded in text form using the Privacy Enhanced Mail (PEM) format in a section labeled as an ``DSA PRIVATE KEY.'' The command: Page 1 Plan 9 (printed 12/21/24) DSA(8) DSA(8) auth/pemdecode 'DSA PRIVATE KEY' | auth/asn12dsa extracts the key section from a textual ASN.1/DER/PEM key into binary ASN.1/DER format and then converts it to a Plan 9 DSA key. Dsa2pub reads a Plan 9 DSA public or private key, removes the private attributes, and prints the resulting public key. Comment attributes are preserved. Dsa2ssh reads a Plan 9 DSA public or private key and prints the public portion in the format used by SSH: `ssh-dss' and a long base-64 encoded number. delim @@ For compatibility with external SSH implementations, the public keys in /sys/lib/ssh/keyring and $home/lib/keyring are stored in this format. EXAMPLES Generate a fresh key and configure a remote Unix system to allow use of that key for logins: auth/dsagen -t 'service=ssh' >key auth/dsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys' cat key >/mnt/factotum/ctl ssh unix SOURCE /sys/src/cmd/auth SEE ALSO ssh(1), factotum(4), pem(8), rsa(8) BUGS There are too many key formats. Page 2 Plan 9 (printed 12/21/24)