NAME
dsagen, asn12dsa, dsa2pub, dsa2ssh - generate and format dsa
keys
SYNOPSIS
auth/dsagen [ -t tag ]
auth/asn12dsa [ -t tag ] [ file ]
auth/dsa2pub [ file ]
auth/dsa2ssh [ -c comment ] [ file ]
DESCRIPTION
Plan 9 represents a DSA (Digital Signature Algorithm) key as
an attribute-value pair list prefixed with the string key;
this is the generic key format used by factotum(4). A full
DSA private key has the following attributes:
    proto     must be dsa
    !secret   decryption key
    p         modulus, a large prime
    q         group order, another large prime that divides p - 1
    alpha     group generator
    key       alpha^secret mod p
All the numbers are in hexadecimal. A DSA public key omits
the attributes beginning with `!'. A key may have other
attributes as well (for example, a service attribute
identifying how this key is typically used), but to these
utilities such attributes are merely comments.
For example, a private key and corresponding public key
might look like this (with [⋯] indicating elisions and \
marking line breaks for readability):
    key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F \
        !secret=9E[⋯]3B
    key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F
Note that the order of the attributes does not matter.
Dsagen prints a randomly generated DSA private key whose n
has exactly nbits (default 1024) significant bits. If tag
is specified, it is printed between key and proto=dsa;
typically, tag is a sequence of attribute-value comments
describing the key.
Asn12dsa reads a DSA private key stored as ASN.1 encoded in
the binary Distinguished Encoding Rules (DER) and prints a
Plan 9 DSA key, inserting tag exactly as dsagen does.
ASN.1/DER is a popular key format on Unix and Windows; it is
often encoded in text form using the Privacy Enhanced Mail
(PEM) format in a section labeled as a ``DSA PRIVATE KEY.''
The command:
Page 1 Plan 9 (printed 11/1/25)
DSA(8) DSA(8)
    auth/pemdecode 'DSA PRIVATE KEY' | auth/asn12dsa
extracts the key section from a textual ASN.1/DER/PEM key
into binary ASN.1/DER format and then converts it to a Plan
9 DSA key.
Dsa2pub reads a Plan 9 DSA public or private key, removes
the private attributes, and prints the resulting public key.
Comment attributes are preserved.
Dsa2ssh reads a Plan 9 DSA public or private key and prints
the public portion in the format used by SSH: `ssh-dss' and
a long base-64 encoded number. For compatibility
with external SSH implementations, the public keys in
/sys/lib/ssh/keyring and $home/lib/keyring are stored in
this format.
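As an added illustration (not part of the Plan 9 manual or the
auth sources), the Python code below parses the key format
described above, checks the relations the attribute table states,
strips the `!' attributes as dsa2pub is described as doing, and
builds an ssh-dss line. The function names, the toy key, and the
RFC 4253 blob layout (string ssh-dss, then p, q, alpha, key as
mpints) are assumptions; quoted attribute values are not handled.

```python
import base64

# Constructed toy key (far too small for real use): 4 has order 11 mod 23
# and 4^7 mod 23 = 8. The service attribute is a comment.
SAMPLE = "key service=ssh proto=dsa p=17 q=B alpha=4 key=8 !secret=7"

def parse_key(text):
    """Parse 'key attr=value ...' (unquoted values) into an ordered dict."""
    fields = text.replace("\\\n", " ").split()
    if not fields or fields[0] != "key":
        raise ValueError("missing 'key' prefix")
    attrs = dict(f.partition("=")[::2] for f in fields[1:])
    if attrs.get("proto") != "dsa":
        raise ValueError("proto must be dsa")
    return attrs

def format_key(attrs):
    return "key " + " ".join(f"{k}={v}" for k, v in attrs.items())

def to_public(attrs):
    """Drop every attribute beginning with '!'; comments are preserved."""
    return {k: v for k, v in attrs.items() if not k.startswith("!")}

def consistent(attrs):
    """Check the relations in the attribute table; all numbers are hex."""
    p, q, alpha, key = (int(attrs[k], 16) for k in ("p", "q", "alpha", "key"))
    ok = (p - 1) % q == 0 and 1 < alpha < p and pow(alpha, q, p) == 1
    if "!secret" in attrs:  # private key: key must equal alpha^secret mod p
        ok = ok and pow(alpha, int(attrs["!secret"], 16), p) == key
    return ok

def ssh_string(data):
    return len(data).to_bytes(4, "big") + data

def mpint(n):
    """Positive RFC 4253 mpint: a leading zero byte when the top bit is set."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def to_ssh(attrs, comment=""):
    """Assumed layout: string 'ssh-dss', then p, q, alpha, key as mpints."""
    blob = ssh_string(b"ssh-dss") + b"".join(
        mpint(int(attrs[k], 16)) for k in ("p", "q", "alpha", "key"))
    return " ".join(filter(None, ["ssh-dss", base64.b64encode(blob).decode(), comment]))

if __name__ == "__main__":
    private = parse_key(SAMPLE)
    print(consistent(private))
    print(format_key(to_public(private)))
    print(to_ssh(private, "toy-key"))
```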
EXAMPLES
Generate a fresh key and configure a remote Unix system to
allow use of that key for logins:
    auth/dsagen -t 'service=ssh' >key
    auth/dsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
    cat key >/mnt/factotum/ctl
    ssh unix
SOURCE
/sys/src/cmd/auth
SEE ALSO
ssh(1), factotum(4), pem(8), rsa(8)
BUGS
There are too many key formats.