perl,ssh,sign , Is it possible to sign my data using SSH private key in perl? [closed]

Is it possible to sign my data using SSH private key in perl? [closed]


Tag: perl,ssh,sign

I am new to perl so this might be very basic, but i am finding no way around this problem. I am trying to sign my data which has to be send over https connection using my ssh private key(id_rsa). I am not able to do so using perl and i am at it for days. Please someone show me a possible way to do so. If any more info is needed please ask me. Thanks in advance

My code as asked is

use File::Slurp   qw(read_file);
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw( decode_base64 encode_base64 );

my $keystring = read_file( 'id_rsa' );
my $privatekey = Crypt::OpenSSL::RSA->new_private_key($keystring);
my $datatosign = "hello";
my $signature = $privatekey->sign($datatosign);
my $base64 = encode_base64($signature);
print "$base64"; 

The error coming on running it is RSA.xs:178: OpenSSL error: unsupported encryption at line 7.

NOTE: As discussed in the comments, I am using a passphrase protected id_rsa.


So, leaving out the perl, and just doing this by hand with openssl

Checking the key:

ssh-keygen -t rsa -f test_id

openssl rsa -in test_id -check
  RSA key ok

So we do have a 'valid' RSA private key there, which we should be able to use for encrpyting.

Generating a comparison key

However if you use openssl to generate a key pair

openssl genrsa -out openssl_gen_rsa
openssl rsa -in openssl_gen_rsa -pubout -out openssl_gen_rsa.out 

Looks like the command you need is:

openssl rsautl -inkey test_id  -in test_file.txt -encrypt -out test_file.enc

(That encrypts with the private key, so you'd decrypt with the public key - that's actually pretty similar to signing - normally you wouldn't do this).

The problem is - if you compare your generated -public- keys they don't match. looks like (Yes, this is the real one, and no, I did only use it for testing!)

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKfjRD+Gb5EE+SgOy7eoT0siQaAqfSY7KI2wkdrdygnJ+ccW/uMCtCVPhpz00u3EW2Gz1WI    DteLKppjvUem1lKb8Tt2EWBQGyFOYKp44r3AJZgTcxLeDdqSUoiPsjWf1aUqy2Z1fBgtG+QOa7bpA8km6CbsORYX/TVg4B6vvdkkH    K8WcmzBBF3rGsTCM3VXPp56bPoMCbwCsXvIjejmq+JdGHyxUmCxe1PrPyvmoYX3OUqpFBYIjeLWGDI9EXS6jA/r7viIAxdllvulPg    IJ+4mdYzKN+T1ME0X0c+ZdFTMdeUnB9/TZmJr1j8Q/4SQm+3J9CiwtVXKxdkDsDObkcDp [email protected]

Where my generated key file looks like:

-----END PUBLIC KEY-----

I can use my generated pair (encrypting using public key, decrypting using private):

openssl rsautl -inkey openssl_gen_rsa.out -pubin  -in test_file.txt -encrypt -out test_file.enc2
openssl rsautl -inkey openssl_gen_rsa -in test_file.enc2 -decrypt

This works.

Turning your OpenSSH private key into an RSA public key

So if we run your ssh private key through openssl:

openssl rsa -in test_id -pubout -out

We get:

-----END PUBLIC KEY-----

Which isn't even a remotely similar encoding to the file - and I think therefore why you have this problem.

 openssl rsautl -inkey -pubin  -in test_file.txt -encrypt -out

Now works, and you can decrypt it using your test_id private key:

openssl rsautl -inkey test_id -in -decrypt

So yes - for some reason the public key generated by ssh-keygen isn't the same format as openssl is expecting, so it's not going to work.

using an openssh key to verify

Anyway, back to your original example - using the private key to generate a signature:

openssl rsautl -sign -inkey test_id -in test_file.txt -out test_file.sig
openssl rsautl -verify -in test_file.sig -inkey -pubin

But the verify step won't work using the generated ssh key.

So does this answer your question as to whether it's possible? I'm afraid I don't know how the ssh public key differs from a 'normal' rsa public key.

I suspect your code therefore doesn't even need to be as complicated as it - I don't think you need to pkcs pad your key file.


use strict;
use warnings;
use File::Slurp   qw(read_file);
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw( decode_base64 encode_base64 );

my $keystring = read_file ('test_id');
my $privatekey = Crypt::OpenSSL::RSA->new_private_key($keystring);
my $datatosign = "hello";
my $signature = $privatekey->sign($datatosign);
my $base64 = encode_base64($signature);
print "Signature:\n";
print "$base64";

my $public_key_text = $privatekey-> get_public_key_string();
print "Public Key:\n";
print $public_key_text;

my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key ( $public_key_text );
print "Signed correctly\n" if ($rsa_pub->verify($datatosign, decode_base64($base64)));

This seems to work. (note lack of pkcs padding line).

Encrypted private key (passphrase)

Following from comments:

If your id_rsa has a passphrase set you'll have something like this:

Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,B44716076DD8B7D2B5E909BB8F70B48B

You can decrypt this by hand using openssl again:

openssl rsa -in test_id.enc
Enter pass phrase for test_id.enc:


openssl rsa -in test_id.enc -passin pass:testpass

I'm less sure how you do this using Crypt::OpenSSL::RSA - there doesn't seem to be any option to specify a passphrase to a private key.

I think you therefore need to use Crypt::CBC to decrypt the private key first. I can't test this, because I've got a load of dependencies to install.

A bit of googling suggests that you might be able to use Crypt::PK::RSA instead.

And as an alernative - use IPC::Open2 and start an openssl process to do the things without using libraries at all.


my $keystring = `openssl rsa -passin pass:testpass -in test_id.enc`;

Not very nice, but it'll work. (and test it does actually work)


C++ - back to start of loop without checking the condition

Programming on perl, we can use a smart function named 'redo' - we can go back to the start of the loop, without looking at the condition. It's useful when, for example, we create a table in which we must to set a expected values/characters (e.g. "a-b-c", nothing else). I...

problems copying shared hash in perl threads

I encountered what I feel is strange behavior of shared hash in perl and needed some help understanding it. The actual problem is in a far larger code-base and I have tried reducing it to smaller reproducible script. So essentially the problem I'm facing is I have a shared variable...

What does this horribly ugly (yet somehow secretly beautiful) Perl code do?

I found this code in a Powerpoint presentation about Perl scripting and this was on a page demonstrating how ugly Perl code can get if you really wanted to make it that way. The presentation says nothing about what this code does. Honestly I am just very curious to know......

How to extract some text from an HTML doc using Web::Query

I'm trying to extract the subject (between the h3 tags) in the following example using Web::Query. Find 'h3' returns the author text, but I want the h3 in the subject class instead. I tried .subject.div.h3 but it returns undef. #!/usr/bin/perl use strict; use warnings; use Web::Query; # libweb-query-perl use Data::Dumper;...

Perl Debugging Using Flags

So my goal is to find an easy way to turn on print statements in Perl a flag. In C/C++ you can use a #define to choose if certain code is run and it is a way to turn on and off debug print statements. Where if a #define DEBUG...

Capistrano and Corkscrew PATH error

I'm trying to deploy my Rails application with Capistrano but when it comes to "git ls-remote" i get the following error: $ /usr/bin/env git ls-remote --heads [email protected]<server>:<project>.git /bin/bash: line 0: exec: corkscrew: not found DEBUG [a5205e2a] ssh_exchange_identification: Connection closed by remote host DEBUG [a5205e2a] fatal: The remote end hung up...

Perl: Multiply loops, 1 hash and regex

I got stuck with logic behind loops (while & foreach) and AoH. I have basic knowledge about loops and arrays of hashes, but I can't quite understand how to combine them into 1 single and simple solution. My task is to check regular user's password age, if it is older...

Plain text emails displayed as attachment on some email clients

The email can be viewed normally using some email clients (Evolution, Thunderbird), but with other clients (e.g., GMX) the body of the message remains empty and an attachment containing the body of the message is sent. I would like to know how I can prevent this from happening, since the...

Capture SSH Response to variable

I am currently trying to "talk" to a router using SSH commands via C#. I am using the model. public void connectSSH(string hostName, string username, string password) { using (var client = new SshClient(hostName, username, password)) { client.Connect(); client.RunCommand(CommandList.showEnvironment()); client.Disconnect(); } } This is the code I have so...

-M Script start time minus file modification time, in days

I would expect -M $_ to be negative, but it is zero for: perl -E 'qx(touch $_), sleep(5), say -M for "/tmp/file"' Does perldoc mentions such behavior?...

unable to understand qr interpolation

I was reading Programming Perl where I learned qr interpolation of strings as regex as : $re = qr/my.STRING/is; print $re; # prints (?si-xm:my.STRING) and it says The /s and /i modifiers were enabled in the pattern because they were supplied to qr//. The /x and /m, however, are disabled...

How to pass a hash as optional argument to -M in command line

I know that when we need to pass some arguments to the use keyword after a package name we can pass them in the command line after the -M parameter. For example: use feature 'say'; say 'hello!'; can be invoked from the command line with >perl -Mfeature=say -e"say 'hello!'" But...

Perl : Display perl variable awk sed echo

When I am using below command directly its working fine but when I am trying to put this in perl script its giving lots of error. my $calculate = `echo "$value" | awk -F "SP=" '{print $2}' | awk -F ";" '{print $1}' | awk -F ":" '{print $2}' |...

How to copy matches from an extremely large file if it contains no newlines?

The problem is I cannot avoid working with extremely big files which contain no newlines in them: <a>text1</a>...gigabytes of data here, all in one single line...[a text to extract b> What should I do if I want to copy matches from this file (putting every match in a separate line,...

Perl - an array content

Can you explain me how to check if an element belongs to array? My script needs to know whether the element has wanted extension to make a shortcut and copy it to another directory. Here is an example: my @array = qw(avi mp4 mov); my $dir = "E:\Downloads"; opendir (my...

using sed to replace a line with back slashes in a shell script

I am trying to replace the bottom one of these 2 lines with sed in a file. <rule>out_prefix=orderid ^1\\d\+ updatemtnotif/</rule>\n\ <rule>out_prefix=orderid ^2\\d\+ updatemtnotif/</rule>\n\ And the following command seems to do that when executed as a command at the bash prompt sed -i '[email protected]_prefix=orderid ^2\\\\d\\+ updatemtnotif/@out_prefix=orderid ^2\\\\d\\+ updatemtnotif_fr/@g' /opt/temp/rules.txt however, when...

Creating a sequence of unique random digits

I have the following code use strict; use warnings; use 5.22.0; # Generating random seed using # Programming Perl p. 955 srand( time() ^ ($$ + ($$ << 15 ) ) ); # Generating code that could have duplicates my @code = ( (int(rand(9)) + 1), (int(rand(9)) + 1), (int(rand(9))...

How do I SSH into EC2 with .pub?

When I create a new Elastic Beanstalk environment it asked me if wanted to create a new keypair. I say yes, and it created two file in my .ssh folder locally called app and Normally to ssh into an instance I use a app.pem file. i.e ssh -i app.pem...

Find numbers in a file and change their value with perl

I have a file with some data in it but there are a bunch of annoying numbers that are less than one which I wanted to just change to 1 instead of manually doing it. I was wondering how you would do this in perl. I tried using something like...

Perl & Regex within Windows CMD Line

Is there anyway to accomplish matching + storing all in one cmd line? So instead of saving the matches to an array: i.e. ($matches) = $filecontents =~ m/.../g ...the matches would save to a *.txt file? I have been experimenting for a couple of days now, and believe that I...

Perl: Using Text::CSV to print AoH

I have an array of hashes (AoH) which looks like this: $VAR1 = [ { 'Unit' => 'M', 'Size' => '321', 'User' => 'test' } { 'Unit' => 'M' 'Size' => '0.24' 'User' => 'test1' } ... ]; How do I write my AoH to a CSV file with separators,...

git ssh doesn't work

I have done what the document said, and when I type ssh -T [email protected], it will show Warning: Permanently added the RSA host key for IP address '[]:443 ' to the list of known hosts. Hi fifiteen82726! You've successfully authenticated, but GitHub does not provide shell access. However, when I...

how to immediately login through ssh?

Here is my problem. I need to run a command ./ -u 1540 This will fetch version 1540 of on SVN When I do, the script access SVN and ask for a password. I'm using ssh. It will first ask me a password since it guesses my SVN login...

Capture tee's argument inside piped Perl execution

How to capture piped command's argument ? I use : perl -some_args | tee arg_filename How to get arg_filename 's value inside ? CONTEXT I need to send this filename in a mail which sends at the end. I need to use tee because we dump huge...

Reducing code verbosity and efficiency

I came across the below where some heavy stipulations were done, finally we got a number of @hits and we need to return just one: if ($#hits > 0) { my $highestScore = 0; my $chosenMatch = ""; for $hit (@hits) { my $currScore = 0; foreach $k (keys %{$hit})...

Version-dependent fallback code

I have a script that needs to run on multiple servers, however, each server may not have the same version of Perl available and may have differing features. Perl v5.14 introduced the /r modifier for regular expressions which returns the result of a substitution and leaves the original text alone....

Check for decimal point and add it at the end if its not there using awk/perl

I have test.dat file with values given below: 20150202,abc,,,,3625.300000,,,,,-5,,,,,,,,,,,,,,,,,,,,,, 20150202,def,,,,32.585,,,,,0,,,,,,,,,,,,,,,,,,,,,, 20150202,xyz,,,,12,,,,,0.004167,,,,,,,,,,,,,,,,,,,,,, My expected output is shown below: 20150202,abc,,,,3625.300000,,,,,-5.,,,,,,,,,,,,,,,,,,,,,, ^. added here 20150202,def,,,,32.585,,,,,0.,,,,,,,,,,,,,,,,,,,,,, ^. added here 20150202,xyz,,,,12.,,,,,0.004167,,,,,,,,,,,,,,,,,,,,,, ^. added here So if column 6 and 11 doesn't have decimal point in it, then we should add '.' at the end of...

Difficulties initializing an array in Perl

I have the following code: print Dumper($dec_res->{repositories}[0]); print Dumper($dec_res->{repositories}[1]); my @repos = ($dec_res->{repositories}); print scalar @repos . "\n"; and the output is the following: $VAR1 = { 'status' => 'OK', 'name' => 'apir', 'svnUrl' => 'https://url.whatever/svn/apir', 'id' => 39, 'viewvcUrl' => 'https://url.whatever/viewvc/apir/' }; $VAR1 = { 'status' => 'OK', 'name'...

How to match and remove the content preceding it from a file in unix [closed]

I have a mysql dump file, and i want to remove the content of the file after "-- Final view structure for view view_oss_user" using sed/perl. The input file is something like this : Content : rom `target` */; /*!50001 SET character_set_client = @saved_cs_client */; /*!50001 SET character_set_results = @saved_cs_results...

Taking multiple header (rows matching condition) and convert into a column

Hello I have a file that has multiple Headers in it that I need to have turned into column values. The file looks like this: Day1 1,Smith,London 2,Bruce,Seattle 5,Will,Dallas Day2 1,Mike,Frisco 4,James,LA I would like the file to end up looking like this: Day1,1,Smith,London Day1,2,Bruce,Seattle Day1,5,Will,Dallas Day2,1,Mike,Frisco Day2,4,James,LA The file...

Deleting upto a line

I have a line that looks like: foo cat dog = -48.34277635 foo(horse->0) = -60.34277635 and I only want the last set of numbers: -60.34277635 The line is formatted with that exact spacing. I've looked everywhere for a simpler solution, but I can't find anything without chopping the file piece...

Looping variables

I'm working with perl to make a script that will work with Dot products/assorted vector math. I've got a working script ( Still very much in progress/needs refinement ) that will do what I ask. #!/usr/bin/perl use strict; use warnings; use diagnostics; use Math::Vector::Real; use 5.010; use Math::Trig; my $source...

Perl XML-RPC output format/schema

I'm writing a script in Perl to use two XML-RPC APIs. With one of them it works fine, with the other one i always get an empty result. After contacting the vendor of the second API, they sent me a PHP sample script to operate with the API. I couldn't...

Perl would I use fc over uc?

When would you ever need to use fc(), when would uc() ever fail? Perl fc documentation...

Opening multiple files in perl array

I have a perl script where by I assigned all the files with a .log extension to an array called @allfiles. How do I run my script for the files stored in each array? My idea is something like open(my $fn, '<', @allfiles) or die "Could not open file '@files':...

Command line arguments in Perl

I am working on an open source project for GSoC and I have this piece of Perl code with me. I need to create another Perl file for a similar task. However, I am having trouble understanding 3 lines of this file. More specifically, I am not able to understand...

how to print all the lines of a text file from hash - perl

I am reading a text file which is having multiple lines in it. I have been assigned a task to print the lines using hash. "\n" is the delimiter we can use. Here is what I tried and got stuck : code : use strict; use warnings; my %hash =...

Why this exclusion not working for long sentences?

Command perl -ne 'print unless /.[240,]/' input.txt > output.txt which includes some sentences which are longer than 240 letters. Why? Example data Development of World Funny Society program on young people who are working hard for the sport and social life such that they have time to go pizzeria every...

Counting occurrences of a word in a string in Perl

I am trying to find out the number of occurrences of "The/the". Below is the code I tried" print ("Enter the String.\n"); $inputline = <STDIN>; chop($inputline); $regex="\[Tt\]he"; if($inputline ne "") { @splitarr= split(/$regex/,$inputline); } [email protected]; print $scalar; The string is : Hello the how are you the wanna work on...

Reading from DATA file handle

My perl module needs to use a look up table that's about 309,000 lines long. Currently the part that loads the table into an array looks (roughly) like this: use strict; use warnings; # load all the data from below my @ref_data; while (<DATA>) { push @ref_data, $_ } close...

Why Filter::Indent::HereDoc complain when blank line in middle of HereDoc

I am trying Filter::Indent::HereDoc which allows one to indent the HereDocument. This is very useful, to be able to have HereDoc that flows with the code logic. From the above link When a 'here document' is used, the document text and the termination string must be flush with the left...

calling cgi script from other cgi script

I found a puzzling behavior using perl cgi for which -- I guess -- there is a perfectly valid explanation but I couldn't find one. There is this question on stackoverflow, but what it describes seems to fail for me. The situation: I have two perl cgi scripts. One of...

Windows/Linux child process STDIN differences

I built a simple text processing script at work to be used by another program. When I was done, someone remembered that the script needs to not block STDIN/STDOUT for the tool using it to work right, and modified the script accordingly. The script opens *nix's cat in a subprocess...

how to correctly write command inside commands (ssh)?

Here is the command I have which works It's just a kill with an expression which returns a number kill $(ps -ef | grep '[m]atchbox-panel --titlebar --start-applets showdesktop,windowselector' | cut -f8 -d' ') &> /dev/null Here is the ssh I normally use bash -c 'timeout 120s ssh -o StrictHostKeyChecking=no [email protected]

How to open a new terminal from my working terminal with same directory in Linux?

Is there any command to open a new terminal from my working terminal with same directory while working with ssh in Linux? e.g., I am working in the following terminal. My pwd is /home/work/Kayan01/test_run I want to open a new terminal directly from my working terminal, so that the pwd...

Regex in Perl Uninitialized $1

My string looks like this: <File `../Path/To/My_File.gif'> I want to extract just "Path/To/My_File.gif". Here is the check I have: if ($row =~ /(?<=File `..\/).*(?=')/) { print "Found it!\n"; print "$1\n"; } I see "Found it!" printed to the console but also get an error saying that $1 is uninitialized. What...

Configure Git to use a .pem key from a specific location

Whenever I try to do a 'git pull origin master' I get (It is NOT Github): Permission denied (publickey). I am able to SSH into my AWS EC2 Linux sever, which has the bare repository, which I'm trying to pull from when I get the aforementioned permission error. I have...

Get ISO DateTime with only core modules in Perl?

I would like to get a date-time string such as 2015-06-17 10:20:34 with only core modules. The reason of this is that cpan install DateTime takes ages on my machine because of the tests and the fetch of all the dependencies. If I give my Program to my colleagues. They...

Create unicode character with pack

I am trying to understand how Perl handles unicode. use feature qw(say); use strict; use warnings; use Encode qw(encode); say unpack "H*", pack("U", 0xff); say unpack "H*", encode( 'UTF-8', chr 0xff ); Output: ff c3bf Why do I get ff and not c3bf when using pack ?...

Can't locate module(s) using Mojo::DOM

I'm new to Mojolicious. I am sure this is probably a setup problem, but it's eaten up an entire day of my time. I'm trying to run this simple test code #!/usr/bin/perl use strict; use warnings; use Mojo::DOM; use Mojo::UserAgent; my $ua = Mojo::UserAgent->new(); $ua->get('')->res->dom('a div')->ancestors('div.spacer')->each( sub { say $_->all_text...