How do I get keys in the correct format with SSH-Keygen?

Support
#1

First time user here, I have been trying to setup my backup using

duplicacy -e -key test_key testing backup_to_here

and, after inputting my desired password, I get the unrecognized public key message.

I have tried searching for a solution to this but haven’t found anything useful to me. Mainly because I don’t have openssl and don’t know how to install it (on their site, its talking about building it or compiling it or something like that and that’s a little overwhelming for me as they say I require programs I don’t have installed either). Just feels like a lot of hoops I have to jump through when there could be an easier solution.

I generated my keys using

ssh-keygen -t rsa -b 4096 -f test_key -C test -m PEM

and, after entering my super secret passphrase of “password”, it tells me

Your identification has been saved in test_key.
Your public key has been saved in test_key.pub.
The key fingerprint is:
SHA256:CLBGYZ8dJ3B7LZ1tjo4LKYPbdaYQ8Sngt8n5VxqFS3g test
The key's randomart image is:
+---[RSA 4096]----+
|  =...+ .        |
| o + + = o o     |
|  + = o.o.+ o    |
| o . +.+E..+     |
|  . + +oSo. .    |
|   + * .oo.      |
|  . O + ++.      |
|   o * =o.       |
|  . . o..        |
+----[SHA256]-----+

If I open the private key, it has the proper “begin/end rsa key” entries I’ve read about.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D667AE5843D6435C0FE25A6E38F7E542

<code_goes_here>
-----END RSA PRIVATE KEY-----

The public key does not. When I open it, it contains

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAy+KFrSU+kogbZWQ6L/F+8UcCUJTiF4gmbWFvpIR1JW24MUXQpxuq8gudoCHQMMHjraK+9I7Lru7cl+tkjlN/8eut/jXQV8/i6l4sk0InqeU9JExMfoUeYogfGPRN/Zw+c+PIif8leMXd75D6QO4jBPLUpyMVL2BP635eY+8mncTO2ZOvQnIiiJevq9azs1mz3LSmoUsuCglSQ5WqUrDSc0XoEAbSGx5k/p0K7EQuQbTRa6fl9HhRJJ6dSkN0keyPOizrpbmMIJPkuO0WGxvVp3ZU8KYquez9+95/dMXav22C4xDJX5Ddizcm5xjFOYzHSzvp4ak5ZImjvQllbZWOC3LaT/ilRzcsffk3ZgB08c6K/MP2qH89lQPZ0oouaONFVl8JhOWcjZzbNjzmT46lRT2MOqPtNPIcdHp4luLR6u/Jz1encmFfFrRBbxlgX52bSLH45/ZcJ2M1RUfH5Yr8R8Fl8zCQJJwcSqXpktzaNVJJu7PD/DtlF0M1LDUiuwGYeLxv6ogDTS1a9qBSXiOYEb40cZNcvIfW4rPtUaZfh6R5wteaRNeAxCreLbgDSl/EwClkead/GBlzxaqcVP2A4JO4jz+HdWJ2KsZ3bQWT9q5DLMSCXDl5VMrfPb5k27OXDLaTi1Js+ZSMSq7MtpDpmv5on11UFeufHSndzE61yw== test

all on one line.

How can I get the proper public key format using SSH-Keygen? Or can someone help me figure out how to get OpenSSL installed? I would really rather not have to install anything extra though (some site was saying to install some chocolate program to get OpenSSL).

I will come back and edit this with more exact details once I get to my PC (I’m on my phone right now).

EDIT I have edited the post with the correct info and formatting. Is this the correct way to do it?

ssh-keygen -e -f test_key -m PEM | Out-File test_key.pem

test_key.pem contains:

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAwMviha0lPpKIG2VkOi/xfvFHAlCU4heIJm1hb6SEdSVtuDFF0Kcb
qvILnaAh0DDB462ivvSOy67u3JfrZI5Tf/Hrrf410FfP4upeLJNCJ6nlPSRMTH6F
HmKIHxj0Tf2cPnPjyIn/JXjF3e+Q+kDuIwTy1KcjFS9gT+t+XmPvJp3EztmTr0Jy
IoiXr6vWs7NZs9y0pqFLLgoJUkOVqlKw0nNF6BAG0hseZP6dCuxELkG00Wun5fR4
USSenUpDdJHsjzos66W5jCCT5LjtFhsb1ad2VPCmKrns/fvef3TF2r9tguMQyV+Q
3Ys3JucYxTmMx0s76eGpOWSJo70JZW2Vjgty2k/4pUc3LH35N2YAdPHOivzD9qh/
PZUD2dKKLmjjRVZfCYTlnI2c2zY85k+OpUU9jDqj7TTyHHR6eJbi0ervyc9Xp3Jh
Xxa0QW8ZYF+dm0ix+Of2XCdjNUVHx+WK/EfBZfMwkCScHEql6ZLc2jVSSbuzw/w7
ZRdDNSw1IrsBmHi8b+qIA00tWvagUl4jmBG+NHGTXLyH1uKz7VGmX4ekecLXmkTX
gMQq3i24A0pfxMApZHmnfxgZc8WqnFT9gOCTuI8/h3VidirGd20Fk/auQyzEglw5
eVTK3z2+ZNuzlwy2k4tSbPmUjEquzLaQ6Zr+aJ9dVBXrnx0p3cxOtcsCAwEAAQ==
-----END RSA PUBLIC KEY-----
#2

Not sure if it’s possible to do with ssh-keygen.

You can just do as described in the manual:

To get openssl – assuming you have windows – just install WSL1 or WSL2 (Windows Subsystem for Linux) from “Add features” or whatever it is called today in windows. You will get full linux user space with all the tools, and won’t need to deal with a zoo of ports.

You can do that in the command line too (cmd):

wsl --install

Reboot when/if prompted, relaunch the cmd again and set the chosen WSL version as default:

wsl --set-default-version 2

or

wsl --set-default-version 1

Then you can install any environment you prefer:

 wsl --list --online
 wsl --install -d ubuntu-20.04

Unless the shell into the newly installed distribution has launched in a separate window – launch it by name, e.g. ubuntu2004 (note, with the punctuation removed (why, Microsoft, why??) or just run default with wsl.

Now you are inside linux user mode subsystem. You can install whatever-you-want:

 sudo apt update
 sudo apt -y upgrade
 sudo apt -y install whatever-you-want
#3

Hey, thanks for the suggestions. I have edited my initial post with more exact info. Could you confirm if this is the correct format?

-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAwMviha0lPpKIG2VkOi/xfvFHAlCU4heIJm1hb6SEdSVtuDFF0Kcb
qvILnaAh0DDB462ivvSOy67u3JfrZI5Tf/Hrrf410FfP4upeLJNCJ6nlPSRMTH6F
HmKIHxj0Tf2cPnPjyIn/JXjF3e+Q+kDuIwTy1KcjFS9gT+t+XmPvJp3EztmTr0Jy
IoiXr6vWs7NZs9y0pqFLLgoJUkOVqlKw0nNF6BAG0hseZP6dCuxELkG00Wun5fR4
USSenUpDdJHsjzos66W5jCCT5LjtFhsb1ad2VPCmKrns/fvef3TF2r9tguMQyV+Q
3Ys3JucYxTmMx0s76eGpOWSJo70JZW2Vjgty2k/4pUc3LH35N2YAdPHOivzD9qh/
PZUD2dKKLmjjRVZfCYTlnI2c2zY85k+OpUU9jDqj7TTyHHR6eJbi0ervyc9Xp3Jh
Xxa0QW8ZYF+dm0ix+Of2XCdjNUVHx+WK/EfBZfMwkCScHEql6ZLc2jVSSbuzw/w7
ZRdDNSw1IrsBmHi8b+qIA00tWvagUl4jmBG+NHGTXLyH1uKz7VGmX4ekecLXmkTX
gMQq3i24A0pfxMApZHmnfxgZc8WqnFT9gOCTuI8/h3VidirGd20Fk/auQyzEglw5
eVTK3z2+ZNuzlwy2k4tSbPmUjEquzLaQ6Zr+aJ9dVBXrnx0p3cxOtcsCAwEAAQ==
-----END RSA PUBLIC KEY-----

I am now getting the message Unsupported public key type RSA PUBLIC KEY in test_key.pem

#4

This is what I have just done, and it worked, but it wasn’t on windows. Can you try the same in WSL?

% openssl genrsa -aes256 -out private.pem 2048
Generating RSA private key, 2048 bit long modulus
.............................+++
.....................+++
e is 65537 (0x10001)
Enter pass phrase for private.pem:
Verifying - Enter pass phrase for private.pem:

% openssl rsa -in private.pem  -pubout -out public.pem
Enter pass phrase for private.pem:
writing RSA key

% head public.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkuXLkKuP7+HLnXmO+vFl
1n6qyeouTvvXs/UxpVKrMDXBeDPF8Enp+Kwqhk2uds+edB+Bt1NOVCFSCDhpsawh
P5E3CHdLmyI6c9QCJeSZMYVrlp325sT6RhnyhagBJUi4MvMcFzKseuIsxvy9sVmq
3ZwMCklZEsKcdNH3cmli79ydhDsYSJnp53L+RUcGMdnPCf+IzzHLbijrY8JV3jOA
jhyvBbMZDsMd47taVaGWefsfM+ld25SYx3Oy1VmzWzakrtwjcj8GaFkAAxynUx7A
NsL87zFyDQi1tVeyvkgxF2j66VfE5sSfHXa7r6LD4prRxWEd5uXhHXaNV0d0OR0I
BQIDAQAB
-----END PUBLIC KEY-----

% mkdir /tmp/1

% ./duplicacy init -e -key ./public.pem test /tmp/1
Enter storage password for /tmp/1:********
Re-enter storage password:********
/tmp/test will be backed up to /tmp/1 with id test

%
#5

I couldn’t use wsl because for some reason I can’t get either of these to work

 wsl --list --online
 wsl --install -d ubuntu-20.04

What I ended up doing was installing Git for Windows, since I read another thread where someone said OpenSSL was included with it. I can do $ openssl genrsa -out otk2 4096 and it generates the key just fine. I’m having an issue with the -aes256 option.

It won’t go past this

$ openssl genrsa -aes256 -out otk1 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................................................................................................................................................................+++++
.......................+++++

Nothing about a pass phrase or anything else. Any ideas?

EDIT I think I found a way to make this work, but I need someone else to help me confirm if it would work or not.

Two things:

  1. I went to C:\Program Files\Git\usr\bin and opened OpenSSL from there (double-clicked the exe file) and it opened in a window that looks like a CMD window. Each line starts with OpenSSL> and I managed to run genrsa, genrsa 2048, genrsa 4096, and genrsa -aes256 4096 successfully. I just don’t know how to output the results to a file. -out, | Out-File, and > path_to_file have not worked for me, so I have decided to just copy and paste the result to a new file.

  2. I found out that OpenSSL and SSH-Keygen both produce similarly formatted private keys. Both have:

    • -----BEGIN RSA PRIVATE KEY-----
    • max of 64 characters per line
    • -----END RSA PRIVATE KEY-----

The only differences are that 1) SSH-Keygen encryption is AES-128-CBC and OpenSSL I assume you can change and 2) OpenSSL ends the lines with CRLF and SSH-Keygen ends them with LF. (I don’t know if that affects anything since after changing to CRLF the SHA256 fingerprint remained the same)

My idea is to just copy and paste the result from the OpenSSL window I mentioned above into a new file and then generate the public key from that.

This should work, right? I’m just assuming this since the public key is dependent on the private key (unless I got it wrong here).

Looks like it did work. Still not sure about why it got stuck when using it through Git Bash, but regardless I appreciate the help.