I needed a pair of DSA keys recently, not standard ssh DSA keys but PEM keys. Creating DSA PEM keys is something best suited to
openssl, but it can be a pain in the butt to get the params set up right. And nothing creates key pairs quite as easily as
ssh-keygen, so I thought, what the heck, let's combine the best of both worlds.
I figured I'd keep my new keys in ~/.ssh where my RSA keys already live:
$ cd ~/.ssh
The next step is to create an ssh DSA key pair with ssh-keygen. -t sets the type (dsa in this case) while -b sets the number of bits (DSA keys are limited to 1024):
$ ssh-keygen -t dsa -b 1024
You'll be asked for a file name and location (the default is fine) and then for a passphrase. Unless you want the client side to always be prompted for a passphrase, I'd leave this blank.
Then we'll use openssl to convert the ssh private DSA key to a PEM. The default DSA key we just created would be called id_dsa. If you named it otherwise, then change this line accordingly after the -in:
$ openssl dsa -in id_dsa -outform pem > dsa_priv.pem
Now we have a private DSA PEM that we can use to create our public PEM:
$ openssl dsa -in dsa_priv.pem -pubout -out dsa_pub.pem
In your ~/.ssh folder you'll now have dsa_priv.pem and dsa_pub.pem. Keep the private DSA PEM in a safe place and use
dsa_pub.pem as necessary for your client needs.
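The checks below are an added example, not part of the original post: they confirm that dsa_pub.pem really was derived from dsa_priv.pem and that the private PEM is readable only by its owner. The second check matters because the `>` redirect in the conversion step creates dsa_priv.pem with your umask (commonly 0644) and the key carries no passphrase. The function names are made up for this example.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the original post).
# Assumes the unencrypted dsa_priv.pem / dsa_pub.pem produced by the steps above.

# Exit 0 if the public PEM was derived from the private PEM, 1 if it was not,
# 2 if either file cannot be parsed as a DSA key.
dsa_pem_pair_matches() (
    tmp=$(mktemp -d) || exit 2
    rc=0
    # Re-encode both public keys as DER so PEM formatting cannot affect the result.
    # "-passin pass:" supplies an empty passphrase so openssl never stops to prompt.
    { openssl dsa -in "$1" -passin pass: -pubout -outform DER -out "$tmp/a.der" &&
      openssl dsa -pubin -in "$2" -outform DER -out "$tmp/b.der"; } 2>/dev/null || rc=2
    if [ "$rc" -eq 0 ]; then
        cmp -s "$tmp/a.der" "$tmp/b.der" || rc=1
    fi
    rm -rf "$tmp"
    exit "$rc"
)

# Exit 0 only if the file is a regular file with no group/other permission bits.
private_key_is_owner_only() {
    case $(ls -ld -- "$1" 2>/dev/null) in
        -[r-][w-][x-]------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both checks on a directory (default ~/.ssh); exit 0 only if both pass.
audit_dsa_pems() (
    dir=${1:-"$HOME/.ssh"}
    status=0
    dsa_pem_pair_matches "$dir/dsa_priv.pem" "$dir/dsa_pub.pem" || {
        echo "dsa_pub.pem does not match dsa_priv.pem" >&2
        status=1
    }
    private_key_is_owner_only "$dir/dsa_priv.pem" || {
        echo "dsa_priv.pem is accessible to group/others; chmod 600 it" >&2
        status=1
    }
    exit "$status"
)
```

Source the file and run `audit_dsa_pems` after the last step; a non-zero status means the pair should not be handed out until the reported problem is fixed.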