Plan 9 from Bell Labs’s /usr/web/sources/plan9/sys/man/8/dsa

Copyright © 2021 Plan 9 Foundation.
Distributed under the MIT License.
Download the Plan 9 distribution.


.EQ
delim $$
.EN
.TH DSA 8
.SH NAME
dsagen, asn12dsa, dsa2pub, dsa2ssh \- generate and format dsa keys
.SH SYNOPSIS
.B auth/dsagen
.\" [
.\" .B -b
.\" .I nbits
.\" ]
[
.B -t
.I tag
]
.PP
.B auth/asn12dsa
[
.B -t
.I tag
]
[
.I file
]
.PP
.B auth/dsa2pub
[
.I file
]
.PP
.B auth/dsa2ssh
[
.B -c
.I comment
] [
.I file
]
.SH DESCRIPTION
Plan 9 represents a DSA (Digital Signature Algorithm)
key as an attribute-value pair list
prefixed with the string
.BR key ;
this is the generic key format used by
.IR factotum (4).
A full DSA private key has the following attributes:
.TF secret
.TP
.B proto
must be
.B dsa
.TP
.B !secret
decryption key
.TP
.B p
modulus, a large prime
.TP
.B q
group order, another large prime that divides
.I p
- 1.
.TP
.B alpha
group generator
.TP
.B key
$"alpha" sup secret ~ mod ~ p$
.PD
.LP
All the numbers are in hexadecimal.
A DSA public key omits the attributes beginning with
.LR ! .
A key may have other attributes as well (for example, a
.B service
attribute identifying how this key is typically used),
but to these utilities such attributes are merely comments.
.PP
For example, a private key and corresponding public key might look like this
(with [⋯] indicating elisions and \e marking line breaks for readability):
.IP
.EX
key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F \e
	!secret=9E[⋯]3B
key proto=dsa p=D5[⋯]DB q=C2[⋯]E7 alpha=44[⋯]9B key=C1[⋯]3F
.EE
.LP
Note that the order of the attributes does not matter.
.PP
.I Dsagen
prints a randomly generated DSA private key
whose
.B n
has exactly
.I nbits
(default 1024)
significant bits.
If
.I tag
is specified, it is printed between
.B key
and
.BR proto=dsa ;
typically,
.I tag
is a sequence of attribute-value comments describing the key.
.PP
.I Asn12dsa
reads an DSA private key stored as ASN.1
encoded in the binary Distinguished Encoding Rules (DER)
and prints a Plan 9 DSA key,
inserting
.I tag
exactly as
.I dsagen
does.
ASN.1/DER is a popular key format on Unix and Windows;
it is often encoded in text form using the Privacy Enhanced Mail (PEM) format
in a section labeled as an
.RB `` DSA
.B PRIVATE
.BR KEY .''
The command:
.IP
.EX
auth/pemdecode 'DSA PRIVATE KEY' | auth/asn12dsa
.EE
.LP
extracts the key section from a textual ASN.1/DER/PEM key
into binary ASN.1/DER format and then
converts it to a Plan 9 DSA key.
.PP
.I Dsa2pub
reads a Plan 9 DSA public or private key,
removes the private attributes, and prints the resulting public key.
Comment attributes are preserved.
.PP
.I Dsa2ssh
reads a Plan 9 DSA public or private key and prints the public portion 
in the format used by SSH:
.L ssh-dss
and a long base-64 encoded number.
.EQ
delim @@
.EN
For compatibility with external SSH implementations, the public keys in
.B /sys/lib/ssh/keyring
and
.B $home/lib/keyring
are stored in this format.
.br
.ne 4
.SH EXAMPLES
Generate a fresh key and configure a remote Unix system to
allow use of that key for logins:
.IP
.EX
auth/dsagen -t 'service=ssh' >key
auth/dsa2ssh key | ssh unix 'cat >>.ssh/authorized_keys'
cat key >/mnt/factotum/ctl
ssh unix
.EE
.SH SOURCE
.B /sys/src/cmd/auth
.SH "SEE ALSO
.IR ssh (1),
.IR factotum (4),
.IR pem (8),
.IR rsa (8)
.SH BUGS
There are too many key formats.

Bell Labs OSI certified Powered by Plan 9

(Return to Plan 9 Home Page)

Copyright © 2021 Plan 9 Foundation. All Rights Reserved.
Comments to [email protected].