Generating auth key for GitHub

Hello!

I’ve tried to generate a key pair using this OpenSC command:

pkcs11-tool -l --keypairgen --key-type rsa:4096 --label my-github --id 1

I then exported its public key:

pkcs11-tool -r --id 1 --type pubkey -o my-github.key

I then used openssl to convert the public key format:

openssl rsa -pubin -in my-github.key -out my-github.pem -inform der

But I end up with this message when I try to import the key as an authentication key in GitHub:

Key is invalid. You must supply a key in OpenSSH public key format

Could you please help me figure out what’s wrong?

The alternative would be to generate the key pair with openssl locally and import the private key to the Nitrokey using pkcs15-tool but well, that’s not the point of such an HSM key… 🙂

On this forum we’ve had an attempt to do this with EC keys already:

(you are using RSA so you are not affected by the potential problem mentioned there).

But once you get the key in the proper format, you’ll run into another issue: getting SSH to talk to the HSM during authentication.

Here is a guide on how to do this:

https://www.smartcard-hsm.com/2015/03/11/Using_the_SmartCard-HSM_with_SSH.html

Thank you for your message.
You made me think again and I’ve found that I had to export the public key this way instead:

pkcs15-tool --read-ssh-key 1

Next step is to get my client to use the key. I’ll follow the doc, thank you! 🙂

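Added example, not part of the thread and not OpenSC or GitHub code: the file produced by the pkcs11-tool and openssl steps above is an X.509 SubjectPublicKeyInfo, while the error message asks for the OpenSSH format, which is the same modulus and exponent re-encoded as length-prefixed fields after the string "ssh-rsa". The sketch below performs that conversion for RSA keys only; the function names and `TOY_SPKI` (a constructed toy value, not a usable key) are assumptions made for illustration.

```python
import base64
import struct

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

# Constructed toy SubjectPublicKeyInfo (n=0xCA01, e=65537); not a usable key.
TOY_SPKI = bytes.fromhex(
    "301e" "300d06092a864886f70d0101010500"    # SEQUENCE, AlgorithmIdentifier
    "030d00" "300a" "020300ca01" "0203010001"  # BIT STRING { SEQUENCE { n, e } }
)

def read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x}, found {buf[pos]:#x}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return buf[pos:pos + length], pos + length

def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value):
    """SSH wire 'mpint' for a positive integer (leading 0x00 if top bit is set)."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def spki_to_openssh(data, comment=""):
    """Convert a DER or PEM RSA SubjectPublicKeyInfo to an OpenSSH public key line."""
    if data.lstrip().startswith(b"-----BEGIN PUBLIC KEY-----"):
        lines = data.strip().splitlines()
        data = base64.b64decode(b"".join(l for l in lines if not l.startswith(b"-----")))
    spki, _ = read_tlv(data, 0, 0x30)
    alg, pos = read_tlv(spki, 0, 0x30)
    if read_tlv(alg, 0, 0x06)[0] != RSA_OID:
        raise ValueError("not an RSA public key")
    bits, _ = read_tlv(spki, pos, 0x03)
    rsa, _ = read_tlv(bits[1:], 0, 0x30)  # skip the BIT STRING unused-bits octet
    n_raw, pos = read_tlv(rsa, 0, 0x02)
    e_raw, _ = read_tlv(rsa, pos, 0x02)
    n, e = int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".strip()

if __name__ == "__main__":
    print(spki_to_openssh(TOY_SPKI, "my-github"))
```

Only the public half is parsed here; the private key never leaves the token.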