java - 在 AWS 上导入密钥对之前，如何通过 Java 验证 OpenSSH 公钥格式？

假设您从开头删除“ssh-rsa”位并从末尾删除注释（“dhopson@VMUbuntu-DSH”），这将解码 OpenSSH 格式的密钥：

import java.util.Base64; 
import java.nio.ByteBuffer;
import java.util.Arrays;
import java.lang.UnsupportedOperationException;
import javax.xml.bind.DatatypeConverter;
import java.math.BigInteger;

public class Demo
{
    public static void main(String[] args)
    {
        String key = "AAAAB3NzaC1yc2EAAAABIwAAAgEAwrr66r8n6B8Y0zMF3dOpXEapIQD9DiYQ6D6/zwor9o" +
"39jSkHNiMMER/GETBbzP83LOcekm02aRjo55ArO7gPPVvCXbrirJu9pkm4AC4BBre5xSLS" +
"7soyzwbigFruM8G63jSXqpHqJ/ooi168sKMC2b0Ncsi+JlTfNYlDXJVLKEeZgZOInQyMmt" +
"isaDTUQWTIv1snAizf4iIYENuAkGYGNCL77u5Y5VOu5eQipvFajTnps9QvUx/zdSFYn9e2" +
"sulWM3Bxc/S4IJ67JWHVRpfJxGi3hinRBH8WQdXuUwdJJTiJHKPyYrrM7Q6Xq4TOMFtcRu" +
"LDC6u3BXM1L0gBvHPNOnD5l2Lp5EjUkQ9CBf2j4A4gfH+iWQZyk08esAG/iwArAVxkl368" +
"+dkbMWOXL8BN4x5zYgdzoeypQZZ2RKH780MCTSo4WQ19DP8pw+9q3bSFC9H3xYAxrKAJNW" +
"jeTUJOTrTe+mWXXU770gYyQTxa2ycnYrlZucn1S3vsvn6eq7NZZ8NRbyv1n15Ocg+nHK4f" +
"uKOrwPhU3NbKQwtjb0Wsxx1gAmQqIOLTpAdsrAauPxC7TPYA5qQVCphvimKuhQM/1gMV22" +
"5JrnjspVlthCzuFYUjXOKC3wxz6FFEtwnXu3uC5bVVkmkNadJmD21gD23yk4BraGXVYpRM" +
"IB+X+OTUUI8=";
                
        byte[] keyBytes = Base64.getDecoder().decode(key);
        int offset = 4;
        int length;
        BigInteger publicExponent, modulus;

        length = ByteBuffer.wrap(Arrays.copyOfRange(keyBytes, 0, 4)).getInt();

        byte[] keyType = Arrays.copyOfRange(keyBytes, 4, 4 + length);
        if (!Arrays.equals(keyType, "ssh-rsa".getBytes())) {
            throw new UnsupportedOperationException(
                DatatypeConverter.printHexBinary("ssh-rsa".getBytes()) +
                " key expected - got " +
                DatatypeConverter.printHexBinary(keyType)
            );
        }
        offset+= length;
        length = ByteBuffer.wrap(Arrays.copyOfRange(keyBytes, offset, offset + 4)).getInt();
        offset+= 4;
        publicExponent = new BigInteger(Arrays.copyOfRange(keyBytes, offset, offset + length));
        offset+= length;
        length = ByteBuffer.wrap(Arrays.copyOfRange(keyBytes, offset, offset + 4)).getInt();
        offset+= 4;
        modulus = new BigInteger(Arrays.copyOfRange(keyBytes, offset, offset + length));

        System.out.println(publicExponent.toString());
        System.out.println(modulus.toString());
    }
}

它解码 OpenSSH 密钥的事实意味着它应该足以验证它。

如果解码在任何时候失败，都会抛出异常。如果没有足够的二进制数据，LikeArrays.copyOfRange()会抛出。ArrayIndexOutOfBoundsException

IE。如果没有抛出异常，则密钥是好的。如果抛出异常，则密钥是错误的。