From: Darren Spruell
To: python-list@python.org
Newsgroups: comp.lang.python
Subject: Re: Library to work with SSH public keys
Date: Sun, 7 Apr 2013 00:51:48 -0700

On Sat, Apr 6, 2013 at 5:49 AM, Roy Smith wrote:
> In article ,
> Darren Spruell wrote:
>
>> I'd like to work with user submitted/uploaded SSH public keys from
>> Python. I'm trying to solve what I'd thought might be a simple need:
>> given a user's OpenSSH formatted _public_ key (RSA, or DSA, or
>> whatever), how do you obtain information about it such as: key type
>> (e.g. ssh-rsa, etc.); bit length (e.g. 2048); key comment (e.g.
>> user@hostname); key fingerprint? I've been fiddling with the Paramiko
>> API and looked at PyCrypto (supports OpenSSH keys) and Twisted Conch
>> but didn't see anything that looked like it did this.
>>
>> I'm looking for the equivalent to this:
>>
>> $ ssh-keygen -l -f tmp.key.pub
>> 2048 9b:31:06:6a:a4:79:97:33:d7:20:15:1f:cd:b4:86:4d dspruell@Sydney.local
>> (RSA)
>>
>> ...to get the attributes of the public key: key type, bit length,
>> fingerprint and comment.
>>
>> Is there an SSH library capable of doing this from Python? Can break
>> out to shell commands to parse them but I'd prefer not to.
>
> The first hit on googling "paramiko fingerprint" got me this:
>
> http://www.lag.net/paramiko/docs/paramiko.PKey-class.html

Indeed, and I seem to find it's not suited for the need. Many of the
methods appear to assume deriving information about public key parts
from private key input or for handling public keys sent by server when
connecting from client. I can't manage to wrangle desired or accurate
data out of passing in OpenSSH format public keys from a user keypair
(authentication key, not host key).

-- 
Darren Spruell
phatbuckett@gmail.com
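
An added example, not part of the original thread or any library named in it: the attributes `ssh-keygen -l` reports can be read straight out of the base64 blob in a `.pub` line using only the Python 3 standard library, since the blob is a sequence of length-prefixed fields and the fingerprint is a hash of the decoded blob. It goes slightly beyond the post by also handling `ssh-ed25519` and emitting the newer SHA256 fingerprint form; it assumes a plain `.pub` line without authorized_keys options, and the sample key is constructed (well-formed, not a real keypair).

```python
import base64
import hashlib
import struct

def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    out, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        out.append(blob[pos:pos + size])
        pos += size
    return out

def describe_public_key(line):
    """Return type, bits, fingerprints and comment for one .pub line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    f = _fields(blob)
    ktype = f[0].decode("ascii") if f else ""
    if ktype != parts[0]:
        raise ValueError("key type inside blob does not match the line")
    # (index of the field that carries the size, minimum field count)
    layout = {"ssh-rsa": (2, 3), "ssh-dss": (1, 5), "ssh-ed25519": (1, 2)}
    if ktype not in layout or len(f) < layout[ktype][1]:
        raise ValueError("unsupported or malformed key: " + ktype)
    field = f[layout[ktype][0]]
    if ktype == "ssh-ed25519":        # 32 raw key bytes
        bits = len(field) * 8
    else:                             # RSA modulus n or DSA prime p (mpint)
        bits = int.from_bytes(field, "big").bit_length()
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"type": ktype, "bits": bits,
            "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha,
            "comment": parts[2] if len(parts) > 2 else ""}

def constructed_rsa_line():
    """Constructed sample: well-formed blob, not a real keypair."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = (1 << 2047) | 1  # 2048-bit placeholder modulus
    blob = s(b"ssh-rsa") + s((65537).to_bytes(3, "big")) + s(n.to_bytes(257, "big"))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " user@hostname"
```

Because the keys are user-submitted, every parse failure (bad base64, truncated field, type mismatch) surfaces as `ValueError` so the caller can reject the upload in one place.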