ec2-fingerprint-key

これを使って

ec2-describe-keypair gsg-keypair
KEYPAIR	gsg-keypair	xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
ec2-fingerprint-key ~/.ssh/id_rsa-gsg-keypair
xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx

とすると、どの鍵がどの名前で登録されてるか確認できていい感じ。なんだけど、これをperlでやりたいんだが、元のデータが何なのかよくわからん。

my $footprint = join ':', map {sprintf "%02x", ord} split //, sha1($data);

って感じなんだろうけど。

$ openssl rsa -in .ssh/id_rsa -outform DER | openssl sha1
writing RSA key
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

としても違うんだなぁ。なんだろ。man読めman。

[danjou@sylvia] $ ec2-fingerprint-key -h
  SYNOPSIS
     ec2fp (ec2-fingerprint-key)
     ec2fp [GENERAL OPTIONS] KEYFILE
  GENERAL NOTES
     Any command option/parameter may be passed a value of '-' to indicate
     that values for that option should be read from stdin.
  DESCRIPTION
     Generate a fingerprint for a private key generated by Amazon EC2.
     The KEYFILE parameter is a file containing an unencrypted PEM encoded
     PKCS#8 private key (as generated by Amazon EC2).

  GENERAL OPTIONS

     -v, --verbose
          Verbose output.

     -?, --help
          Display this help.

     -H, --headers
          Display column headers.

     --debug
          Display additional debugging information.

     --show-empty-fields
          Indicate empty fields.

Net::Amazon::EC2::DescUserKContriNet::Amazon::EC2::DescribeKeyPairsResponse(3)

NAME
       Net::Amazon::EC2::DescribeKeyPairsResponse

DESCRIPTION
       A class representing a key pair.

ATTRIBUTES
       key_name (required)
           The name of the key pair.

       key_fingerprint (required)
           A fingerprint for the private key of the key pair. This is calculated as
           the SHA-1 of the DER version of the private key.

AUTHOR
       Jeff Kim <jkim@chosec.com>

COPYRIGHT
       Copyright (c) 2006-2008 Jeff Kim. This program is free software; you can
       redistribute it and/or modify it under the same terms as Perl itself.

perl v5.8.8                      Net::Amazon::EC2::DescribeKeyPairsResponse(3)

これはあてにしていいのかなぁ。

→なんかjava書いてますよ。やー、macはなんでもできるなぁ。くそー。

openssl pkcs8 -in ~/.ssh/id_rsa-gsg-keypair -nocrypt -topk8 -outform DER|openssl sha1

これか。なるほどー。そうかそうか。

The KEYFILE parameter is a file containing an unencrypted PEM encoded PKCS#8 private key (as generated by Amazon EC2). « なるほどねー。確かにその通りだ。→で、どうやってperlで実装するかですか次は。 →Net::SSLeayすか？？→使い方がわからん＞＜ → http://ssl.ohmsha.co.jp/cgi-bin/menu.cgi?ISBN=4-274-06573-1 この本薦められた。 →なんかxsっぽい流れだなぁ。いやん。