2946 – ssh-keygen -e -f id_rsa only exports public key, never private keys

Bug 2946 - ssh-keygen -e -f id_rsa only exports public key, never private keys

Summary: ssh-keygen -e -f id_rsa only exports public key, never private keys

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	ssh-keygen (show other bugs)
Version:	7.9p1
Hardware:	Other Windows 7

Importance:	P5 enhancement
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2018-12-19 21:16 AEDT by Thomas Schweikle
Modified:	2021-04-23 14:53 AEST (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Schweikle 2018-12-19 21:16:33 AEDT

"ssh-keygen -e -f id_rsa" only exports public key, never private keys.

# ssh-keygen -q -t rsa -b 2048 -N "" -C comment -f id_rsa
# ssh-keygen -e -f id_rsa
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by root@gvm10 from OpenSSH"
AAAAB3NzaC1yc2EAAAADAQABAAABAQDX+xNaEHcrJDM+e+Ro4oace/UITT3I0LKS6OJ3PO
caObuC4ltk5ohbuVCdu1BsyVMXcYu14x/eZKdylwaVWipKE2kE859ozNclHoq4BEbSRdWM
dDrBNHXZrhoHIS5AwbgPOepZLVwoe/y6F+LKbesGGMMUVL1FARGily9tg/XDX2riO8sZVj
LPNtDXfEg/TmAF119MQ4w054bpMxnqsmBNbv3vWQwrE7f8gN5eAOMCgRDUPF+EL1wFR9IW
tgnpEy1X5cOENuLCUBSi01pT8lgn/DGetnrn2UTQHXb+Bw9lZ9yI3OQTVKd7KeWa2j00lA
ZHWV1ofZ0o381Mdk4ZqQxX
---- END SSH2 PUBLIC KEY ----

# ssh-keygen -e -f id_rsa.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by root@gvm10 from OpenSSH"
AAAAB3NzaC1yc2EAAAADAQABAAABAQDX+xNaEHcrJDM+e+Ro4oace/UITT3I0LKS6OJ3PO
caObuC4ltk5ohbuVCdu1BsyVMXcYu14x/eZKdylwaVWipKE2kE859ozNclHoq4BEbSRdWM
dDrBNHXZrhoHIS5AwbgPOepZLVwoe/y6F+LKbesGGMMUVL1FARGily9tg/XDX2riO8sZVj
LPNtDXfEg/TmAF119MQ4w054bpMxnqsmBNbv3vWQwrE7f8gN5eAOMCgRDUPF+EL1wFR9IW
tgnpEy1X5cOENuLCUBSi01pT8lgn/DGetnrn2UTQHXb+Bw9lZ9yI3OQTVKd7KeWa2j00lA
ZHWV1ofZ0o381Mdk4ZqQxX
---- END SSH2 PUBLIC KEY ----

I'd awaited to find my private key converted in the first case, not my public one! The man-page even states this would be the case, but it is not.

Comment 1 Thomas Schweikle 2018-12-19 21:17:20 AEDT

Same for Debian, Fedora, FreeBSD, OpenBSD.

Comment 2 Damien Miller 2019-01-22 22:13:13 AEDT

The -e flag only writes public keys. I've committed a clarification to the man page for this. What are you trying to convert to?

Comment 3 Damien Miller 2021-04-23 14:53:12 AEST

closing resolved bugs as of 8.6p1 release