Skip to end of metadataGo to start of metadata
Applies to:
SAP Netweaver PI based SFTP Adapters
Summary
An example private key. In Bitcoin, a private key is a 256-bit number, which can be represented one of several ways. Here is a private key in hexadecimal - 256 bits in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F.
The following sections briefly describe the steps to create SSH key pairs which can be used as an alternative for password based authentication. It also includes steps to verify key based authentication and import the keys in NWA key storage. It mainly foucses on creating PKCS12 Keys from OpenSSH Keys.
Author(s):
Sivasubramaniam Arunachalam
Company: SAP Labs
Created on: 30-Dec-2011
Author(s) Bio
Sivasubramaniam Arunachalam is a senior developer at SAP Labs (Technology Innovation Platform). He is currently occupied with PI 7.31 development/maintenace activities. Since Sivasubramaniam joined SAP Labs in July 2010, he has developed new features in several adapters/areas including File, JDBC, IDoc, SOAP/XI, HTTP, JPR, B2B(RNIF 1.1/2.0, CIDX & PIDX) Adapters, XML Validation and Mapping Runtime. Currently, he is the component responsible for File, JDBC, B2B Adapters and XML Validation and takes care of all new development, enhancement and maintenance activities.
Table of Contents
Tools Required
Public Key Generation What's It Look Like Today
- PuTTY Key Generator
- PuTTY
- Open SSL Utility
- SSH Key Generator
- Cygwin(for Windows Users) with the following packages
- OpenSSL
- SSH
Keys to be Generated
- Public Key (OpenSSH Format)
- Private Key (Putty Format)
- Private Key (PEM)
- Public Key (X.509 Certificate)
- Private Key (PKCS 12)
Use PuTTY Key Generator to Create SSH Public/Private Keys
- Download PuTTYgen.exe from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- Select SSH2-RSA as a key type
- Click on 'Generate' and move your mouse cursor in 'Key' section to generate the keys based on random mouse move co-ordinates.
- After the required mouse movements, it will generate the random key
- Click 'Save public key' and save it as 'public_key' name
- It will look like below
- Click 'Save private key' and save it as 'private_key.ppk' name
- It will look like below
- Leave Passphrase fields as blank and Select Conversions -> Export OpenSSH key
- Ignore the warning by choosing 'Yes'
- Save it under 'private_key.pem' name
- It will look like below
- The following keys are created
Use Open SSL to Create X.509 and P12 Certificates
- If you are in windows, use Cygwin
- Navigate to the location where the keys generated above are stored
- Create the X509 certificate from the private key
- It will look like below
- Create the PKCS type 12 Keystore
- Provide the password (which will be used in channel configuration)
- The created key would be in encrypted (binary) form
Import the Private Key into NWA Key Store
- Open the nwa key store and create a new view called SFTP_TEST
- Click on 'Import Entry' and select the generated p12 file
- After import, verify the entries.
Configure the Public Key in SSH Server
- Copy the public key in to SSH Server via SFTP
- Login to SSH server verify the copied public key
- Since the public key does not have any permissions, change it to 400 (for read)
- Use ssh-keygen tool to create openSSH format public key
- Add the created openSSH public key to authorized_keys filles
- Check the permissions of .ssh folder and authorized_keys file for access permissions
Verify the Key Pairs with PuTTY
- Now, the key based authentication can be verified with PuTTY.
- Enter the host name and port
Public Key Generation What's It Look Like Meme
- Select the private key (.ppk)
- Confirm the Security alert
- If the configuration is correct, the connection will be established successfully
This page contains sample addresses and/or private keys. Do not send bitcoins to or import any sample keys; you will lose your money.
A private key in the context of Bitcoin is a secret number that allows bitcoins to be spent.Every Bitcoin wallet contains one or more private keys, which are saved in the wallet file.The private keys are mathematically related to all Bitcoin addresses generated for the wallet.
Because the private key is the 'ticket' that allows someone to spend bitcoins, it is important that these are kept secret and safe.Private keys can be kept on computer files, but are also often written on paper.
Private keys themselves are almost never handled by the user, instead the user will typically be given a seed phrase that encodes the same information as private keys.
Some wallets allow private keys to be imported without generating any transactions while other wallets or services require that the private key be swept.When a private key is swept, a transaction is broadcast that sends the balance controlled by the private key to a new address in the wallet.Just as with any other transaction, there is risk of swept transactions to be double-spending.
In contrast, bitcoind provides a facility to import a private key without creating a sweep transaction.This is considered very dangerous, and not intended to be used even by power users or experts except in very specific cases. Importing keys could lead to the Bitcoins being stolen at any time, from a wallet which has imported an untrusted or otherwise insecure private key - this can include private keys generated offline and never seen by someone else[1][2].
An example private key
In Bitcoin, a private key is a 256-bit number, which can be represented one of several ways.Here is a private key in hexadecimal - 256 bits in hexadecimal is 32 bytes, or 64 characters in the range 0-9 or A-F.
Range of valid ECDSA private keys
Nearly every 256-bit number is a valid ECDSA private key. Specifically, any 256-bit number from 0x1 to 0xFFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFE BAAE DCE6 AF48 A03B BFD2 5E8C D036 4140 is a valid private key.
The range of valid private keys is governed by the secp256k1 ECDSA standard used by Bitcoin.
Hierarchical Deterministic (HD) Wallet Keys
- Main article: Hierarchical deterministic wallet
Wallet software may use a BIP 32 seed to generate many private keys and corresponding public keys from a single secret value. This is called a hierarchical deterministic wallet, or HD wallet for short. The seed value, or master extended key, consists of a 256-bit private key and a 256-bit chain code, for 512 bits in total. The seed value should not be confused with the private keys used directly to sign Bitcoin transactions.
Users are strongly advised to use HD wallets, for safety reasons: An HD wallet only needs to be backed up once typically using a seed phrase; thereafter in the future, that single backup can always deterministically regenerate the same private keys. Therefore, it can safely recover all addresses, and all funds sent to those addresses. Non-HD wallets generate a new randomly-selected private key for each new address; therefore, if the wallet file is lost or damaged, the user will irretrievably lose all funds received to addresses generated after the most recent backup.
Base58 Wallet Import format
- Main article: Wallet import format
When importing or sweeping ECDSA private keys, a shorter format known as wallet import format is often used, which offers a few advantages.The wallet import format is shorter, and includes built-in error checking codes so that typos can be automatically detected and/or corrected (which is impossible in hex format) and type bits indicating how it is intended to be used.Wallet import format is the most common way to represent private keys in Bitcoin.For private keys associated with uncompressed public keys, they are 51 characters and always start with the number 5 on mainnet (9 on testnet). Private keys associated with compressed public keys are 52 characters and start with a capital L or K on mainnet (c on testnet). This is the same private key in (mainnet) wallet import format:
When a WIF private key is imported, it always corresponds to exactly one Bitcoin address.Any utility which performs the conversion can display the matching Bitcoin address.The mathematical conversion is somewhat complex and best left to a computer, but it's notable that the WIF guarantees it will always correspond to the same address no matter which program is used to convert it.
Public Key Generation What's It Look Like Today
The Bitcoin address implemented using the sample above is: 1CC3X2gu58d6wXUW_SAMPLE_ADDRESS_DO_NOT_SEND_MffpuzN9JAfTUWu4Kj
Mini private key format
- Main article: Mini private key format
Some applications use the mini private key format. Not every private key or Bitcoin address has a corresponding mini private key - they have to be generated a certain way in order to ensure a mini private key exists for an address. The mini private key is used for applications where space is critical, such as in QR codes and in physical bitcoins. The above example has a mini key, which is:
Summary
Any Bitcoins sent to the address 1CC3X2gu58d6wXUW_SAMPLE_ADDRESS_DO_NOT_SEND_MffpuzN9JAfTUWu4Kj can be spent by anybody who knows the private key implementing it in any of the three formats, regardless of when the bitcoins were sent, unless the wallet receiving them has since made use of the coins generated.The private key is only needed to spend the bitcoins, not necessarily to see the value of them.
If a private key controlling unspent bitcoins is compromised or stolen, the value can only be protected if it is immediately spent to a different output which is secure.Because bitcoins can only be spent once, when they are spent using a private key, the private key becomes worthless.It is often possible, but inadvisable and insecure, to use the address implemented by the private key again, in which case the same private key would be reused.
Public Key Generation What's It Look Like Now
See Also
References
- ↑Bitcoin StackExchange - Why doc says importing private keys is so dangerous?
- ↑Bitcoin StackExchange - Why so many warnings about importing private keys?