Forum Discussion

Former Member
2 years ago

Generating RSA Keys

Hi, I am trying to generate a couple of keys to sign some URLs in CloudFront, according to the https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html?icmpid=docs_cf_help_panel#private-content-creating-cloudfront-key-pairs documentation. Using the commands to generate the keys works perfectly:

openssl genrsa -out private_key.pem 2048   # private key

openssl rsa -pubout -in private_key.pem -out public_key.pem   # public key

The problem is when I generate them in 1Password: I specify RSA type and a length of 2048, but the public key it generates is different compared with the one I create manually.

The ones I generate manually start with the header -----BEGIN PUBLIC KEY----- and end with -----END PUBLIC KEY-----

Example of a manually generated key

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3K+LBj3pC4JaQD48r8E
QhI9YaSoO3PBDmiTQyOrVxY7JJQqv31aYCManKNupe9H/geK7HHzoNkFeyIq+rTB
9KaD3a2tLFZs6T6IsT0UBlzFNNjC1lSrGYOKaF31n+hEWrtLMG0m8f/cahT8/Syq
yG8IfpdpF7zLqWbdGt7JS9+Qj0hfLIt8SDlJ92gs9A5giY3VyRlteMk/l3Ky80Te
YdReUqw8EoVUcT81uRp6KgPqpgJ4YMvMsaVnfu2xzJJan4ydByF0Djvzx0PQbNuu
F1xIDJqJv7VQI/vQsiqjm7To60ybZJUMrARgkpTp9tPV6COqR28FR6Og4raqhyMK
UQIDAQAB
-----END PUBLIC KEY-----

Example of a key generated with 1password

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWoM3Q9/IXdU6K3io70H21xnK0QJkdAcRycv/ksWXX4UxQ/hXTNRNORpqZZv2QIv9oFvypLIm9wfouPvt1C8fKvysOeKjjGLl8FFEdlsZT/PY97C9BTldcCr1HP3B7+hzcyY1nKaSSK7uyxXFzSi8qf6knnyK6rh6euVJ4eu7UgDlbgR7Z6aH25bh3uwuBV2bIDjIGV0lXr5yfKTLli5MbLAHAPW6pnu9dA2/6dzEBnOwLyRzkuWmE53+PrA7EM3uLTtFiCK4naVx7SGC8TNefkHCMFJJub4pR9FY+CRoHffHYej2Rk2ijHCAM6mTU6AeNQ5mOwz2yX4DVvIqm+qNp

The ones generated automatically in 1Password don't have it, and when I try to add it I get an error:

Your request contains empty/invalid/out of limits RSA Encoded Key

1 Reply

  • amaridev
    New Contributor

    What you are requesting is called PEM format, PKCS#8 to be more specific.

    Unfortunately, 1Password doesn't allow the export in different formats. You have to convert it yourself.

    The easiest solution is to save it to a file and then convert it with ssh-keygen. If you use the 1pw CLI tool, you can also pipe it directly into ssh-keygen.

    ssh-keygen -f key.pub -e -m pem
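What the conversion between the two formats in this thread involves at the byte level, as an added example that is not part of the original posts: it unpacks a one-line `ssh-rsa` public key and re-encodes the same modulus and exponent as the `-----BEGIN PUBLIC KEY-----` PEM that `openssl rsa -pubout` writes. All function names are hypothetical and the sample key is constructed, not a real key.

```python
import base64
RSA_ALG_ID = bytes.fromhex("06092a864886f70d0101010500")  # OID rsaEncryption + NULL

def read_ssh_fields(blob):
    """Split an SSH wire-format blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + size > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields

def der(tag, body):
    """Encode one DER element: tag, definite length, body."""
    size = len(body)
    raw = size.to_bytes((size.bit_length() + 7) // 8 or 1, "big")
    head = raw if size < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + body

def der_int(mpint):
    """SSH mpint (non-negative here) -> minimal DER INTEGER."""
    value = int.from_bytes(mpint, "big")
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def openssh_rsa_to_spki_pem(line):
    """'ssh-rsa AAAA... [comment]' -> PEM text with BEGIN PUBLIC KEY framing."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    fields = read_ssh_fields(base64.b64decode(parts[1], validate=True))
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("unexpected key blob layout")
    pkcs1 = der(0x30, der_int(fields[2]) + der_int(fields[1]))  # n, then e (SSH stores e, n)
    spki = der(0x30, der(0x30, RSA_ALG_ID) + der(0x03, b"\x00" + pkcs1))
    b64 = base64.b64encode(spki).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *rows, "-----END PUBLIC KEY-----", ""])

def constructed_sample_line():
    """Constructed input, not a real key: e = 65537, n = a 2048-bit odd number."""
    n = ((1 << 2047) | 1).to_bytes(257, "big")  # mpint carries a leading 0x00
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in (b"ssh-rsa", b"\x01\x00\x01", n))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    print(openssh_rsa_to_spki_pem(constructed_sample_line()))
```

Only the public half is handled here, so nothing secret has to leave the password manager for this step.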