Management of a RSA Private Key in PEM format (OpenSSH)

Public Key Crypto Pair Key Creation

About

This article is about the management of a RSA implementation private key with OpenSSH (ie in a PEM format)

Command

Creation

For a pem private key (the openssh format), you use the genrsa 1) utility to create a RSA private key.

The below command 2) creates a:

openssl \
  genrsa \ 
  -des3 `# encrypt the key with DES in ede cbc mode (168 bit key)`  \
  -out private-key.pem `# the key file`  \
  -passout file:passphrase.txt `# the passphrase is in the file
  4096 `# num of bit default to 2048

Output Example:

Generating RSA private key, 4096 bit long modulus (2 primes)
.................................++++
.........................................................................++++
e is 65537 (0x010001)

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C

8vSw4nlXuuAyJHfxnWCbi7QPW/QMgFU1HNlnSvt/10HEbSep+E6H8seRKwRK5TAW
q4TjSzrfL3Mg0Rq4jB3uEHLbEOFxoOOCrVLh+Okrdk4MmqTsUAFZaJMfAcy22Uqx
biHAHykE1Rp90Mnf8vbm4WukXDOeTmgr6x7ZJqIGaTZnF82kYz1IMoWoCy5mGfwD
ZCMHPkXRyCdQJikR+uDx/92waeCSJCcd6OXOJ/j3NFOZMzfrprUjYaIUc5EYXFgv
hEsIPHksKnboqFQzOZuqLCYNXSYq2Cld0CrEXTDDHNGWqZuT/5RLquwWmaBtqa+e
I63iL8a7d+1QvrUzuin34wUAZT7ccZdll6upq52C41J5zxw3oKlb5PqqrEhJ/C+Y
u0N7ap7A1ODw9lnKKHHsr391RedQ4l3yWPZdb+XzoyzSHMC8h45EK/VvHzXBBVu1
dsJaWLJUMaD4CviAeydV1159Qoddw2j6NcS94Iif6m4MEaH/NteTNFE2OgnD21so
v0k4vE8fKsYjbNJPLnGRxDOdTLQ1HVQVd2i9/PWj60hlE4Ef7hl/BaMC+GreM3xh
uV8MpBV+SDc2LhbVna0+CfB6vcZxIMsI1nHOQY4z4bNr14p2vRFtqRfWcy/M0fSC
madpGO1xNYnQZOvJEcHu6nGQsU6AgwpCKVizfxTQ8oAjrrvLdl9WvF4FWOvI2jxI
yVrQP0a/lRGN3Fh6DxS6EJSsMzwvr7htwfo+SVNYDMDlbUoFlvTHT9sMpKrh3Cke
oGrOjjCrPAlMmeKpqw1LOk1B1a/CgPM4BzwS4+MO5+KAwmVSpe/zOQ==
..............
.............
-----END RSA PRIVATE KEY-----

Info

With openssl rsa module 3)

openssl rsa -in pkcs8.pem -text -noout

Delete Passphrase

cp server.key.pem server.key_with_pwd.pem
openssl rsa -in server.key_with_pwd.pem -out server.key.pem -passin file:pass.txt

Create a public key from the private key

Create a public key

openssl rsa -in key.pem -pubout -out pubkey.pem

Convert from PEM to pkcs8 base64 PEM

Convert a private key to PKCS#8 unencrypted format with 4)

openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem

Convert from PEM to pkcs12

openssl pkcs12 -export -nocerts -inkey pkcs8.pem -out pkcs12.p12





Discover More
Public Key Crypto Pair Key Creation
Cryptographic - Private Key

This article talks the secret known as the private key in a asymmetric cryptographic scheme. A private key is a cryptographic key that is private (that you should be kept secret). This page is how...
Public Key Crypto Pair Key Creation
Cryptography - RSA (Rivest–Shamir–Adleman)

RSA (Rivest–Shamir–Adleman) is a public-key cryptosystems implementation (one of the first). RSA is then a asymmetric cipher (ie public key scheme). RSA uses exponentiation modulo a product of two...
PassPhrase (Longer password)

A passphrase is something you know and is like a password except: it is longer (not always true) it's not coupled to a login In the early days passwords on Unix system were limited to 8 characters,...
Porte Cle Keystore Pem
Privacy-Enhanced Mail (PEM) (OpenSsh format)

Privacy-Enhanced Mail (PEM) is a file formats for cryptographic material (key, certificate, ..). The PEM format is the DER format encoded in base64 with additional header and footer lines to be transported...
Public Key Crypto Pair Key Creation
Public Key

A public key is a key used in the public cryptographic system. The public key is often saved in a cer format. The Key_distributionpublic key distribution can be done: through public key servers....



Share this page:
Follow us:
Task Runner