Encrypt temporary password using public ssh key
I finally found how to convert an OpenSSH public key to PEM format on a blog and was able to successfully encrypt and decrypt a string using my private/public key.
I've outlined the steps I used to perform the encryption and decryption.
To encrypt a string:
# convert public key to PEM format
ssh-keygen -f ~/.ssh/id_rsa.pub -e -m PKCS8 > ~/.ssh/id_rsa.pub.pem
# encrypt string using public key
echo "String to Encrypt" \
| openssl rsautl -pubin -inkey ~/.ssh/id_rsa.pub.pem -encrypt -pkcs \
| openssl enc -base64 \
> string.txt
To decrypt a string (from file):
openssl enc -base64 -d -in string.txt \
| openssl rsautl -inkey ~/.ssh/id_rsa -decrypt
Since my goal is to e-mail the password, I've written an extremely basic script to automate things a bit:
#!/bin/sh
if test "x${1}" == "x";then
echo "Usage: ${0} <username>"
exit 1
fi
SSHUSER=${1}
printf "Enter Password: "
read PASS1
echo ""
echo ""
ssh-keygen -f /home/${SSHUSER}/.ssh/id_rsa.pub -e -m PKCS8 \
> /tmp/ssh-pubkey-${SSHUSER}.pem
echo 'cat << EOF |openssl enc -base64 -d |openssl rsautl -inkey ~/.ssh/id_rsa -decrypt'
echo "New Password: ${PASS1}" \
| openssl rsautl -pubin -inkey /tmp/ssh-pubkey-${SSHUSER}.pem -encrypt -pkcs \
| openssl enc -base64
echo "EOF"
echo ""
rm -f /tmp/ssh-pubkey-${SSHUSER}.pem
I can then send the output of the script in an e-mail for the user to decrypt.
The complete script is available on Github: https://gist.github.com/3078682
It is possible since it's just an RSA key. Use openssl:
openssl rsautl -encrypt -inkey alice.pub >message.encrypted
I nicked this of this question on Unix/Linux SE.
I must say that PGP is more suitable for this.
In general, yes this is possible. All SHH does is generate a Modulus N and two keys e (the public key) and d (the private one). The mechanism employed is usually RSA or DSA and the Keys generated can be used for encryption. All you'd have to do is extract them from the base64 blob that is the public key and then use a suitable program to encrypt data with these keys. You might be interested in Monkeysphere which can transfer between ssh key format and gnupg keys. This should allow you also to use the keys for encryption.