Puttygen unrecognized key type

The private key doesn't appear to be in ssh.com format – its headers are a lie.

The first few letters, MII…, decode to bytes 30 82, which is the start of an DER format ASN.1 "sequence" – and SSH.com does not use ASN.1 in its key format, but OpenSSL/OpenSSH does, for unencrypted RSA keys.

(However, if the key had a passphrase, it wouldn't be recognizable this way. See also note at the end.)

In comparison, SSH.com keys are most likely to start with P2/56…, or bytes 3f 6f f9 eb …. This kind of thing is what the words "magic numbers" mean: many formats are recognizable by specific bytes at the beginning – sometimes defined in the format spec, sometimes just a side effect of the data structures.

So if you ignore the text headers and try to Base64-decode the main blob of data, you'll find an ASN.1 structure exactly like OpenSSL uses for its old "bare RSA" format private keys. This is the same format that OpenSSH uses for most private key types.

# cat key.txt | sed "/^- /d; /^Comment:/d" | base64 -d > key.raw # dumpasn1 key.raw 0 1212: SEQUENCE { 4 1: INTEGER 0 7 13: SEQUENCE { 9 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1) 20 0: NULL : } 22 1190: OCTET STRING, encapsulates { 26 1186: SEQUENCE { 30 1: INTEGER 0 33 257: INTEGER : 00 DE EC 64 74 20 D3 E8 2B 07 9D C2 AF 17 8D 80 : 91 3B FD 99 C2 5F 6C B1 18 F5 BE A8 85 E0 1B 54 : 74 FF 43 83 3E FD 81 92 28 68 E1 C6 2B 1B 53 8F : 47 1E B0 19 1D 72 BB DB 53 9A C6 6E A8 9D 39 F9 [etc.] 294 3: INTEGER 65537 [etc.] # openssl rsa -in key.raw -inform DER -noout -text Private-Key: (2048 bit) modulus: 00:de:ec:64:74:20:d3:e8:2b:07:9d:c2:af:17:8d: 80:91:3b:fd:99:c2:5f:6c:b1:18:f5:be:a8:85:e0: [etc.] publicExponent: 65537 (0x10001) privateExponent: 22:4d:2d:12:da:67:48:f2:f0:0f:d4:20:55:87:32: 38:86:ca:d9:b1:39:36:34:14:f3:61:54:34:8f:5c: [etc.] [etc.] As you can see, OpenSSL recognizes it as its own format, containing unencrypted RSA parameters.

You can "recover" this key by:

  1. removing both - lines, and the Comment: line
  2. adding -BEGIN RSA PRIVATE KEY- at the top
  3. adding -END RSA PRIVATE KEY- at the bottom
  4. telling PuTTYgen to import it as an OpenSSH private key

However, with encrypted keys, the headers that OpenSSL expects are somewhat different – in particular, the DEK-Info: header contains the encryption algorithm and the salt (or is it the IV?) that was used for encrypting the data. Without it, you cannot decrypt the key even if you know the passphrase.

Puttygen to authorized_keys

Puttygen unable to use key file

Puttygen download heise

Puttygen import private key

Puttygen rsa private key