Converting RSA1 SSH public keys

SSH-1, or rsa1 is an older format of SSH keys. It can, for instance, be obtained with older versions of ssh-keygen -t rsa1, or with PuTTY, and will look like the following:

$ puttygen -t rsa1 -o test
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Enter passphrase to save key:
Re-enter passphrase to verify:

$ puttygen test -O public
2048 65537 16251962480195134751150127803510404560433330990815728187172665182127552139370498826781330401646404095480611958457323759132733678847615833105754079326219770347900216074266600120426705902285217962525649793476615791145464950634074968877052460239338900028432057013880768029009131300459323302039604672432938897653804964886343444145263249481538731092200632642081830004892643935750255046251816018279127800269728097329013425167537007684625757276797906238591720024767802753929404947297891473517295565754714251419864351277500746993400383564222530534378474060790286299101022931676028065259600066440356825423231071500137545777663 rsa-key-20221109

That public SSH key format contains 4 fields, separated with spaces:

• length in bits of the modulus n: key size
• exponent, using the common value of 65537
• modulus n
• comment

This public key cannot be directly added in an authorized_keys file of openssh. Because of that, rsa1 keys need to be converted to OpenSSH format. This can be done using Python’s PyCryptodome by reconstructing the RSA key from its components, then exporting it to the right format:

from Crypto.PublicKey.RSA import construct

e = 65537
n = 16251962480195134751150127803510404560433330990815728187172665182127552139370498826781330401646404095480611958457323759132733678847615833105754079326219770347900216074266600120426705902285217962525649793476615791145464950634074968877052460239338900028432057013880768029009131300459323302039604672432938897653804964886343444145263249481538731092200632642081830004892643935750255046251816018279127800269728097329013425167537007684625757276797906238591720024767802753929404947297891473517295565754714251419864351277500746993400383564222530534378474060790286299101022931676028065259600066440356825423231071500137545777663
pubkey = construct((n, e))
openssh_pubkey = pubkey.exportKey('OpenSSH')
print(openssh_pubkey.decode())

The result is:

$ python script.py
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCAvYcDuo18zZ9OZH1gzeiR83i86ww4IwXHEmjY9/rKlt+GdBArQQIIUTHc3BJT5I+9C2xGI5uaIUU6nHSsseQz57JQcKdHBBNAiKWfSjKVebhekC3LATcgYcn3PEKC86W0CnhgMsTtkoN+UnTiNYYArAd8DkBOLcW03++IMWmjhVZF8ndOIwUk0cs/XGCRwtHTiQrJP7wtXLw+9lT0mcYjaUo7a9uPOCX1wB5FKdwgi1XlvsUo0YlAxOFVPNIf0KCcWyr+7WRdk9/HajyRDxlD8oyt4WdtMloXSnFjBknCpRd2dVfz7TvOPm9eM+9XQjwxrRODfcy27LHz2b5qasH/