
rsa key exponent can sometimes be 1 or 2 bytes

Open ianmcmahon opened this issue 11 years ago • 2 comments

Right now, encoding to ssh-rsa format always encodes exponent as an unsigned 32 bit int. That is correct behavior for the typical 65537 exponent that current keys I generate have, but I have older keys with an exponent of 35, and they are encoded in ssh-rsa format in an unsigned 8 bit int. These keys don't encode to the same format with my tool that they do with ssh-keygen.

ianmcmahon, Mar 06 '14 04:03

Hello, I stumbled across this when using your EncodePublicKey() function with an rsa.PrivateKey generated with the "crypto/rsa" package using rsa.GenerateKey(rand.Reader, 4096). The Public Key that was created using your function is as below: (truncated for brevity)

ssh-rsa AAAAB3NzaC1yc2EAAAAEAAEAAQAAAgC2u3I/nbN9jcWDV..

However when running ssh-keygen -y -f id_rsa the below is created:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC2u3I/nbN9jcWDV...

Notice how the bits in bold are slightly different. This causes SSH authentication to not work.

Is this what you expect? Any ideas on a workaround for a fix?

devinodaniel, Nov 21 '17 18:11

I was able to bypass the need for your convenience function by using the "golang.org/x/crypto/ssh" package to create the Public Key. For reference for others: https://gist.github.com/devinodaniel/8f9b8a4f31573f428f29ec0e884e6673

devinodaniel, Nov 21 '17 21:11
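The mismatch discussed in this thread comes down to the RFC 4251 `mpint` rule: an integer is written in its shortest big-endian form, with a single zero byte prepended only when the top bit is set. The following is an added example, not code from this issue, the project, or the linked gist; the function names `sshString`, `mpint`, `marshalRSA` and `authorizedKey` are assumptions, and the modulus is a constructed value used only to exercise the encoding.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"math/big"
)

// sshString frames b as an RFC 4251 "string": uint32 big-endian length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	return append(out, b...)
}

// mpint encodes a non-negative integer as an RFC 4251 "mpint": the shortest
// big-endian form, with one 0x00 prepended when the top bit is set so the
// value is not read as negative. Zero is encoded as the empty string.
func mpint(v *big.Int) []byte {
	b := v.Bytes() // minimal big-endian bytes, empty for zero
	if len(b) > 0 && b[0]&0x80 != 0 {
		b = append([]byte{0}, b...)
	}
	return sshString(b)
}

// marshalRSA builds the ssh-rsa public key blob: string "ssh-rsa", mpint e, mpint n.
func marshalRSA(e, n *big.Int) []byte {
	blob := sshString([]byte("ssh-rsa"))
	blob = append(blob, mpint(e)...)
	return append(blob, mpint(n)...)
}

// authorizedKey renders the blob in the "ssh-rsa <base64>" form used by authorized_keys.
func authorizedKey(e, n *big.Int) string {
	return "ssh-rsa " + base64.StdEncoding.EncodeToString(marshalRSA(e, n))
}

func main() {
	// Constructed 4096-bit value with top byte 0xb6; not a real RSA modulus.
	n := new(big.Int).Lsh(big.NewInt(0xb6), 4088)
	fmt.Println(authorizedKey(big.NewInt(65537), n)[:40]) // 3-byte exponent
	fmt.Println(authorizedKey(big.NewInt(35), n)[:40])    // 1-byte exponent
}
```

With exponent 65537 the output begins with the same `AAAAB3NzaC1yc2EAAAADAQAB` prefix as the ssh-keygen line quoted above, and the modulus is length-prefixed as 513 bytes because its top bit is set.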