java - 在 AWS 上导入密钥对之前,如何通过 Java 验证 OpenSSH 公钥格式?
问题描述
我的任务是使用 Java 验证 AWS 支持的 OpenSSH 公钥(RSA 密钥)。
例如,我有两种 RSA 格式,如何通过 Java 验证它们?
---- BEGIN PUBLIC KEY ----
Comment: "4096-bit RSA, converted from OpenSSH by dhopson@VMUbuntu-DSH"
AAAAB3NzaC1yc2EAAAABIwAAAgEAwrr66r8n6B8Y0zMF3dOpXEapIQD9DiYQ6D6/zwor9o
39jSkHNiMMER/GETBbzP83LOcekm02aRjo55ArO7gPPVvCXbrirJu9pkm4AC4BBre5xSLS
7soyzwbigFruM8G63jSXqpHqJ/ooi168sKMC2b0Ncsi+JlTfNYlDXJVLKEeZgZOInQyMmt
isaDTUQWTIv1snAizf4iIYENuAkGYGNCL77u5Y5VOu5eQipvFajTnps9QvUx/zdSFYn9e2
sulWM3Bxc/S4IJ67JWHVRpfJxGi3hinRBH8WQdXuUwdJJTiJHKPyYrrM7Q6Xq4TOMFtcRu
LDC6u3BXM1L0gBvHPNOnD5l2Lp5EjUkQ9CBf2j4A4gfH+iWQZyk08esAG/iwArAVxkl368
+dkbMWOXL8BN4x5zYgdzoeypQZZ2RKH780MCTSo4WQ19DP8pw+9q3bSFC9H3xYAxrKAJNW
jeTUJOTrTe+mWXXU770gYyQTxa2ycnYrlZucn1S3vsvn6eq7NZZ8NRbyv1n15Ocg+nHK4f
uKOrwPhU3NbKQwtjb0Wsxx1gAmQqIOLTpAdsrAauPxC7TPYA5qQVCphvimKuhQM/1gMV22
5JrnjspVlthCzuFYUjXOKC3wxz6FFEtwnXu3uC5bVVkmkNadJmD21gD23yk4BraGXVYpRM
IB+X+OTUUI8=
---- END PUBLIC KEY ----
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAgEAwrr66r8n6B8Y0zMF3dOpXEapIQD9DiYQ6D6/zwor9o
39jSkHNiMMER/GETBbzP83LOcekm02aRjo55ArO7gPPVvCXbrirJu9pkm4AC4BBre5xSLS
7soyzwbigFruM8G63jSXqpHqJ/ooi168sKMC2b0Ncsi+JlTfNYlDXJVLKEeZgZOInQyMmt
isaDTUQWTIv1snAizf4iIYENuAkGYGNCL77u5Y5VOu5eQipvFajTnps9QvUx/zdSFYn9e2
sulWM3Bxc/S4IJ67JWHVRpfJxGi3hinRBH8WQdXuUwdJJTiJHKPyYrrM7Q6Xq4TOMFtcRu
LDC6u3BXM1L0gBvHPNOnD5l2Lp5EjUkQ9CBf2j4A4gfH+iWQZyk08esAG/iwArAVxkl368
+dkbMWOXL8BN4x5zYgdzoeypQZZ2RKH780MCTSo4WQ19DP8pw+9q3bSFC9H3xYAxrKAJNW
jeTUJOTrTe+mWXXU770gYyQTxa2ycnYrlZucn1S3vsvn6eq7NZZ8NRbyv1n15Ocg+nHK4f
uKOrwPhU3NbKQwtjb0Wsxx1gAmQqIOLTpAdsrAauPxC7TPYA5qQVCphvimKuhQM/1gMV22
5JrnjspVlthCzuFYUjXOKC3wxz6FFEtwnXu3uC5bVVkmkNadJmD21gD23yk4BraGXVYpRM
IB+X+OTUUI8= dhopson@VMUbuntu-DSH
解决方案
假设您从开头删除“ssh-rsa”位并从末尾删除注释(“dhopson@VMUbuntu-DSH”),这将解码 OpenSSH 格式的密钥:
import java.util.Base64;
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.lang.UnsupportedOperationException;
import javax.xml.bind.DatatypeConverter;
import java.math.BigInteger;
public class Demo
{
public static void main(String[] args)
{
String key = "AAAAB3NzaC1yc2EAAAABIwAAAgEAwrr66r8n6B8Y0zMF3dOpXEapIQD9DiYQ6D6/zwor9o" +
"39jSkHNiMMER/GETBbzP83LOcekm02aRjo55ArO7gPPVvCXbrirJu9pkm4AC4BBre5xSLS" +
"7soyzwbigFruM8G63jSXqpHqJ/ooi168sKMC2b0Ncsi+JlTfNYlDXJVLKEeZgZOInQyMmt" +
"isaDTUQWTIv1snAizf4iIYENuAkGYGNCL77u5Y5VOu5eQipvFajTnps9QvUx/zdSFYn9e2" +
"sulWM3Bxc/S4IJ67JWHVRpfJxGi3hinRBH8WQdXuUwdJJTiJHKPyYrrM7Q6Xq4TOMFtcRu" +
"LDC6u3BXM1L0gBvHPNOnD5l2Lp5EjUkQ9CBf2j4A4gfH+iWQZyk08esAG/iwArAVxkl368" +
"+dkbMWOXL8BN4x5zYgdzoeypQZZ2RKH780MCTSo4WQ19DP8pw+9q3bSFC9H3xYAxrKAJNW" +
"jeTUJOTrTe+mWXXU770gYyQTxa2ycnYrlZucn1S3vsvn6eq7NZZ8NRbyv1n15Ocg+nHK4f" +
"uKOrwPhU3NbKQwtjb0Wsxx1gAmQqIOLTpAdsrAauPxC7TPYA5qQVCphvimKuhQM/1gMV22" +
"5JrnjspVlthCzuFYUjXOKC3wxz6FFEtwnXu3uC5bVVkmkNadJmD21gD23yk4BraGXVYpRM" +
"IB+X+OTUUI8=";
byte[] keyBytes = Base64.getDecoder().decode(key);
int offset = 4;
int length;
BigInteger publicExponent, modulus;
length = ByteBuffer.wrap(Arrays.copyOfRange(keyBytes, 0, 4)).getInt();
byte[] keyType = Arrays.copyOfRange(keyBytes, 4, 4 + length);
if (!Arrays.equals(keyType, "ssh-rsa".getBytes())) {
throw new UnsupportedOperationException(
DatatypeConverter.printHexBinary("ssh-rsa".getBytes()) +
" key expected - got " +
DatatypeConverter.printHexBinary(keyType)
);
}
offset+= length;
length = ByteBuffer.wrap(Arrays.copyOfRange(keyBytes, offset, offset + 4)).getInt();
offset+= 4;
publicExponent = new BigInteger(Arrays.copyOfRange(keyBytes, offset, offset + length));
offset+= length;
length = ByteBuffer.wrap(Arrays.copyOfRange(keyBytes, offset, offset + 4)).getInt();
offset+= 4;
modulus = new BigInteger(Arrays.copyOfRange(keyBytes, offset, offset + length));
System.out.println(publicExponent.toString());
System.out.println(modulus.toString());
}
}
它解码 OpenSSH 密钥的事实意味着它应该足以验证它。
如果解码在任何时候失败,都会抛出异常。如果没有足够的二进制数据,LikeArrays.copyOfRange()
会抛出。ArrayIndexOutOfBoundsException
IE。如果没有抛出异常,则密钥是好的。如果抛出异常,则密钥是错误的。
推荐阅读
- python - 我正在尝试创建并调用一个函数来反转字符串并删除小数点前的整数
- azure-functions - CefSharp.OffScreen.NETCore 与 Azure 功能
- c# - Serverless API Gateway/Lambda 下载 PDF 失败
- java - 使用 Http 请求调用多个 url
- python - 发布 PyPI python 包时,何时编译 PyQt5 资源和 ui 文件?
- authentication - 大多数静态网页的浏览器缓存
- c# - Sitronix st7565p 控制器的 LCD 到图像转换
- javascript - Google Script - 有条件地将行从工作表附加到工作表
- python-3.x - 通过数据框的循环创建子图
- r - 如何以前两列形成从另一列获取值的新列的名称的方式重塑数据框?