Cryptographic - Private Key

Public Key Crypto Pair Key Creation

About

This article talks about the secret known as the private key in a asymmetric cryptographic scheme.

A private key is a cryptographic key that is private (that you should keep secret).

This page is about how to manage/create a What is a Public Key Cryptography (known as Asymmetric Cipher) ? private key.

An What is a Public Key Cryptography (known as Asymmetric Cipher) ? private key is categorized as something you have authentication.

Management

Algorithm Scheme

There is two asymmetric cryptographic scheme that defines how to create a private key.

There is therefore two types of key. The most known being RSA

File Format

Different file formats are used to store keys.

Create

The creation of the private key is format dependent.

Pem

For a pem private key (the openssl format), you use:

  • the genrsa 1) utility to create a RSA private key.
  • the gendsa utility to create a DSA private key

Example: The below command 2) creates a:

openssl \
  genrsa \ 
  -des3 `# encrypt the key with DES in ede cbc mode (168 bit key)`  \
  -out private-key.pem `# the key file`  \
  -passout file:passphrase.txt `# the passphrase is in the file
  4096 `# num of bit default to 2048

Output Example:

Generating RSA private key, 4096 bit long modulus (2 primes)
.................................++++
.........................................................................++++
e is 65537 (0x010001)

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C

8vSw4nlXuuAyJHfxnWCbi7QPW/QMgFU1HNlnSvt/10HEbSep+E6H8seRKwRK5TAW
q4TjSzrfL3Mg0Rq4jB3uEHLbEOFxoOOCrVLh+Okrdk4MmqTsUAFZaJMfAcy22Uqx
biHAHykE1Rp90Mnf8vbm4WukXDOeTmgr6x7ZJqIGaTZnF82kYz1IMoWoCy5mGfwD
ZCMHPkXRyCdQJikR+uDx/92waeCSJCcd6OXOJ/j3NFOZMzfrprUjYaIUc5EYXFgv
hEsIPHksKnboqFQzOZuqLCYNXSYq2Cld0CrEXTDDHNGWqZuT/5RLquwWmaBtqa+e
I63iL8a7d+1QvrUzuin34wUAZT7ccZdll6upq52C41J5zxw3oKlb5PqqrEhJ/C+Y
u0N7ap7A1ODw9lnKKHHsr391RedQ4l3yWPZdb+XzoyzSHMC8h45EK/VvHzXBBVu1
dsJaWLJUMaD4CviAeydV1159Qoddw2j6NcS94Iif6m4MEaH/NteTNFE2OgnD21so
v0k4vE8fKsYjbNJPLnGRxDOdTLQ1HVQVd2i9/PWj60hlE4Ef7hl/BaMC+GreM3xh
uV8MpBV+SDc2LhbVna0+CfB6vcZxIMsI1nHOQY4z4bNr14p2vRFtqRfWcy/M0fSC
madpGO1xNYnQZOvJEcHu6nGQsU6AgwpCKVizfxTQ8oAjrrvLdl9WvF4FWOvI2jxI
yVrQP0a/lRGN3Fh6DxS6EJSsMzwvr7htwfo+SVNYDMDlbUoFlvTHT9sMpKrh3Cke
oGrOjjCrPAlMmeKpqw1LOk1B1a/CgPM4BzwS4+MO5+KAwmVSpe/zOQ==
..............
.............
-----END RSA PRIVATE KEY-----

Ppk

For a ppk private key (Putty), see ppk create

Decrypt / Suppress passphrase

With a:

-----BEGIN OPENSSH PRIVATE KEY-----
xxxxxxxxxx
-----END OPENSSH PRIVATE KEY-----
# with prompt of the passphrase
# where N is the new passphrase (ie empty)
# and f is the file
ssh-keygen -p  -N "" -f /path/keyfile.pem





Discover More
Card Puncher Data Processing
Ansible - Ansible-vault

ansible-vault is a command line utility that permits to add/get sensitive data (file or property value) into an encrypted format called a vault Example of sensitive data: password private keys ...
Card Puncher Data Processing
Ansible - Connection

Connection parameters to hosts are given through variable. You can define the running user with the help of this two variable: ansible_user ( in a inventory file) remote_user in a Playbook ansible_userremote_userbecomeansible/ansible/issues/2004520045...
Card Puncher Data Processing
Ansible - Encrypt a property (password, private key)

How to encrypt a string property with ansible-vault In line String String from a File content You can encrypt a private key this way for instance. First create a file that will...
Certbot (letsencrypt | letsencrypt-auto)

Certbot is an acme client (Let’s Encrypt CA) (or any other CA) to issue SSL certificates. Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority...
Challenge of ownership

challenge are actions that permits to verify the ownership of a private key. They are used during the CA certificate signing verification To get a domain validated certificate, you need to prove the...
Cryptography - CER file format (Certificate)

.CER files are PEM file with the cer extension to indicate that they hold a certificate. They have the public key, they don't have the private key in a Public Key Cryptography model The format is defined...
Cryptography - Encryption (Enciphering)

Encryption is the function of a cipher that transforms usable data into an unreadable form. It provides confidentiality if a secret is used in the encryption. There is two class of encryption. ...
Cryptography - JKS (Java Keystore)

In the JDK implementation of JKS, a keystore may contain both: key entries and trusted certificate entries. command line: Gui: Porte-cle: (download)...
Cryptography - Key

A key is a parameter used in a cipher algorithm that determines: the encryption operation (forward) and the decryption operation (backward). It's the only secret parameter that protect the anonymity...
Portecle New Keystore
Cryptography - Keystore (KS)

A keystore is a database of key material. ie: key LDAP identity You only need it: if you are a server that want to implements SSL, or if the server requires client authentication. A keystore...



Share this page:
Follow us:
Task Runner