## About

This article talks about the secret known as the private key in a asymmetric cryptographic scheme.

A private key is a cryptographic key that is private (that you should keep secret).

This page is about how to manage/create a What is a Public Key Cryptography (known as Asymmetric Cipher) ? private key.

An What is a Public Key Cryptography (known as Asymmetric Cipher) ? private key is categorized as something you have authentication.

## Management

### Algorithm Scheme

There is two asymmetric cryptographic scheme that defines how to create a private key.

There is therefore two types of key. The most known being RSA

- DSA

### File Format

Different file formats are used to store keys.

### Create

The creation of the private key is format dependent.

#### Pem

For a pem private key (the openssl format), you use:

- the genrsa
^{1)}utility to create a RSA private key. - the gendsa utility to create a DSA private key

Example: The below command ^{2)} creates a:

- encrypted using Triple-DES cipher with the passphrase yolo

```
openssl \
genrsa \
-des3 `# encrypt the key with DES in ede cbc mode (168 bit key)` \
-out private-key.pem `# the key file` \
-passout file:passphrase.txt `# the passphrase is in the file
4096 `# num of bit default to 2048
```

Output Example:

```
Generating RSA private key, 4096 bit long modulus (2 primes)
.................................++++
.........................................................................++++
e is 65537 (0x010001)
```

```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C
8vSw4nlXuuAyJHfxnWCbi7QPW/QMgFU1HNlnSvt/10HEbSep+E6H8seRKwRK5TAW
q4TjSzrfL3Mg0Rq4jB3uEHLbEOFxoOOCrVLh+Okrdk4MmqTsUAFZaJMfAcy22Uqx
biHAHykE1Rp90Mnf8vbm4WukXDOeTmgr6x7ZJqIGaTZnF82kYz1IMoWoCy5mGfwD
ZCMHPkXRyCdQJikR+uDx/92waeCSJCcd6OXOJ/j3NFOZMzfrprUjYaIUc5EYXFgv
hEsIPHksKnboqFQzOZuqLCYNXSYq2Cld0CrEXTDDHNGWqZuT/5RLquwWmaBtqa+e
I63iL8a7d+1QvrUzuin34wUAZT7ccZdll6upq52C41J5zxw3oKlb5PqqrEhJ/C+Y
u0N7ap7A1ODw9lnKKHHsr391RedQ4l3yWPZdb+XzoyzSHMC8h45EK/VvHzXBBVu1
dsJaWLJUMaD4CviAeydV1159Qoddw2j6NcS94Iif6m4MEaH/NteTNFE2OgnD21so
v0k4vE8fKsYjbNJPLnGRxDOdTLQ1HVQVd2i9/PWj60hlE4Ef7hl/BaMC+GreM3xh
uV8MpBV+SDc2LhbVna0+CfB6vcZxIMsI1nHOQY4z4bNr14p2vRFtqRfWcy/M0fSC
madpGO1xNYnQZOvJEcHu6nGQsU6AgwpCKVizfxTQ8oAjrrvLdl9WvF4FWOvI2jxI
yVrQP0a/lRGN3Fh6DxS6EJSsMzwvr7htwfo+SVNYDMDlbUoFlvTHT9sMpKrh3Cke
oGrOjjCrPAlMmeKpqw1LOk1B1a/CgPM4BzwS4+MO5+KAwmVSpe/zOQ==
..............
.............
-----END RSA PRIVATE KEY-----
```

#### Ppk

For a ppk private key (Putty), see ppk create

### Decrypt / Suppress passphrase

With a:

- PEM Format: Pem decrypt
- With an openssh private key: OpenSsh keygen

```
-----BEGIN OPENSSH PRIVATE KEY-----
xxxxxxxxxx
-----END OPENSSH PRIVATE KEY-----
```

```
# with prompt of the passphrase
# where N is the new passphrase (ie empty)
# and f is the file
ssh-keygen -p -N "" -f /path/keyfile.pem
```