convert ed25519 private ssh key to RSA private key

5.2k views Asked by At

I'm looking to convert an ed25519 private key to an rsa private key using ssh-keygen.

I found this helpful guide but I am having trouble figuring out how to specify that the input format is ed25519 and the export format should be rsa.

I've tried a bunch of different ways trying to match the synopsis and the description of flags, but every time I try, I get "Too many arguments" error from ssh-keygen.

I'd also like to find the command to generate a public key from a ed25519 private key to verify that it works.

2

There are 2 answers

0
Tejas Sarade On BEST ANSWER

No, it can't be converted. RSA and EdDSA are not just different types of keys, these are totally different Cryptosystems. Key generation algorithms, private keys are just part of it.

All the conversion options available in ssh-keygen are usually convert one type of RSA key to another type of RSA key. e.g. converting OPENSSH RSA key to PKCS8 RSA key. Basically, that so called conversion is just packaging RSA key in different ways.

0
VonC On

As mentioned in "How to generate secure SSH keys", ED25519 is an EdDSA signature scheme using SHA-512 (SHA-2) and Curve25519

The main problem with EdDSA is that it requires at least OpenSSH 6.5 (ssh -V) or GnuPG 2.1 (gpg --version), and maybe your OS is not so updated, so if ED25519 keys are not possible your choice should be RSA with at least 4096 bits.

To generate the private key:

ssh-keygen -t ed25519 -P "" -f myid_ed25519

From the private key, you can generate its public key (which has nothing to do with RSA):

ssh-keygen  -y -f myid_ed25519 > myid_ed25519.pub