About
This article talks about the secret known as the private key in a asymmetric cryptographic scheme.
A private key is a cryptographic key that is private (that you should keep secret).
This page is about how to manage/create a What is a Public Key Cryptography (known as Asymmetric Cipher) ? private key.
An What is a Public Key Cryptography (known as Asymmetric Cipher) ? private key is categorized as something you have authentication.
Management
Algorithm Scheme
There is two asymmetric cryptographic scheme that defines how to create a private key.
There is therefore two types of key. The most known being RSA
- DSA
File Format
Different file formats are used to store keys.
Create
The creation of the private key is format dependent.
Pem
For a pem private key (the openssl format), you use:
- the gendsa utility to create a DSA private key
Example: The below command 2) creates a:
- encrypted using Triple-DES cipher with the passphrase yolo
openssl \
genrsa \
-des3 `# encrypt the key with DES in ede cbc mode (168 bit key)` \
-out private-key.pem `# the key file` \
-passout file:passphrase.txt `# the passphrase is in the file
4096 `# num of bit default to 2048
Output Example:
Generating RSA private key, 4096 bit long modulus (2 primes)
.................................++++
.........................................................................++++
e is 65537 (0x010001)
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C
8vSw4nlXuuAyJHfxnWCbi7QPW/QMgFU1HNlnSvt/10HEbSep+E6H8seRKwRK5TAW
q4TjSzrfL3Mg0Rq4jB3uEHLbEOFxoOOCrVLh+Okrdk4MmqTsUAFZaJMfAcy22Uqx
biHAHykE1Rp90Mnf8vbm4WukXDOeTmgr6x7ZJqIGaTZnF82kYz1IMoWoCy5mGfwD
ZCMHPkXRyCdQJikR+uDx/92waeCSJCcd6OXOJ/j3NFOZMzfrprUjYaIUc5EYXFgv
hEsIPHksKnboqFQzOZuqLCYNXSYq2Cld0CrEXTDDHNGWqZuT/5RLquwWmaBtqa+e
I63iL8a7d+1QvrUzuin34wUAZT7ccZdll6upq52C41J5zxw3oKlb5PqqrEhJ/C+Y
u0N7ap7A1ODw9lnKKHHsr391RedQ4l3yWPZdb+XzoyzSHMC8h45EK/VvHzXBBVu1
dsJaWLJUMaD4CviAeydV1159Qoddw2j6NcS94Iif6m4MEaH/NteTNFE2OgnD21so
v0k4vE8fKsYjbNJPLnGRxDOdTLQ1HVQVd2i9/PWj60hlE4Ef7hl/BaMC+GreM3xh
uV8MpBV+SDc2LhbVna0+CfB6vcZxIMsI1nHOQY4z4bNr14p2vRFtqRfWcy/M0fSC
madpGO1xNYnQZOvJEcHu6nGQsU6AgwpCKVizfxTQ8oAjrrvLdl9WvF4FWOvI2jxI
yVrQP0a/lRGN3Fh6DxS6EJSsMzwvr7htwfo+SVNYDMDlbUoFlvTHT9sMpKrh3Cke
oGrOjjCrPAlMmeKpqw1LOk1B1a/CgPM4BzwS4+MO5+KAwmVSpe/zOQ==
..............
.............
-----END RSA PRIVATE KEY-----
Ppk
For a ppk private key (Putty), see ppk create
Decrypt / Suppress passphrase
With a:
- PEM Format: Pem decrypt
- With an openssh private key: OpenSsh keygen
-----BEGIN OPENSSH PRIVATE KEY-----
xxxxxxxxxx
-----END OPENSSH PRIVATE KEY-----
# with prompt of the passphrase
# where N is the new passphrase (ie empty)
# and f is the file
ssh-keygen -p -N "" -f /path/keyfile.pem