Privacy-Enhanced Mail (PEM) (OpenSSH key format)

About

Privacy-Enhanced Mail (PEM) is a key file format. It is one of the formats used to store a private key. See Cryptographic - Private Key

The PEM format is the base64-encoded version of the DER-formatted data, with additional header and footer lines so that it can be transported via e.g. … E-mail (i.e. the M in PEM).

The PEM format is readable as ASCII text and is used by OpenSSL and ssh.

Format

The header and footer lines in the PEM format define what type of PEM file it is.

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

but may also be:

-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

Management

Create

With genrsa (generate an RSA private key), create a:

  • 1024 bit RSA key
  • encrypted using Triple-DES
  • with openssl

openssl \
  genrsa \
  -des3 `# encrypt the key with DES in ede cbc mode (168 bit key)` \
  -out server.key.pem `# the key file` \
  1024 `# number of bits`

Example:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C
-----END RSA PRIVATE KEY-----
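
The header/footer labels from the Format section and the Proc-Type / DEK-Info headers from the encrypted key example can be read programmatically. The following parser is an added example, not code from the original page or from OpenSSL; the function names and the sample bodies are constructed for illustration (the bodies are placeholder bytes, not real keys or certificates). It also goes slightly beyond the page by treating the standard "ENCRYPTED PRIVATE KEY" label as encrypted.

```python
import base64
import re

# One PEM block: BEGIN and END labels must match (backreference \1).
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def parse_pem(text):
    """Return one dict per PEM block: label, headers, decoded body, encrypted."""
    blocks = []
    for m in PEM_RE.finditer(text):
        label, headers, b64 = m.group(1), {}, []
        for line in m.group(2).splitlines():
            line = line.strip()
            if ":" in line:  # "Name: value" header, e.g. Proc-Type, DEK-Info
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            elif line:       # base64 never contains ":", so this is body data
                b64.append(line)
        body = base64.b64decode("".join(b64), validate=True)
        encrypted = (headers.get("Proc-Type", "").endswith("ENCRYPTED")
                     or label.startswith("ENCRYPTED"))
        blocks.append({"label": label, "headers": headers,
                       "body": body, "encrypted": encrypted})
    return blocks

def unencrypted_private_keys(text):
    """Labels of private-key blocks that carry no encryption marker."""
    return [b["label"] for b in parse_pem(text)
            if "PRIVATE KEY" in b["label"] and not b["encrypted"]]

def make_pem(label, body, headers=""):
    # Build a constructed sample block; body bytes are placeholders, not keys.
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"

# Constructed sample: a certificate followed by two keys, as in a
# concatenated keystore. DEK-Info is the value from the page's example.
SAMPLE = (
    make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x01")
    + make_pem("RSA PRIVATE KEY", bytes(range(16)),
               "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C\n\n")
    + make_pem("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x00")
)

if __name__ == "__main__":
    for blk in parse_pem(SAMPLE):
        print(blk["label"], len(blk["body"]), "bytes, encrypted:", blk["encrypted"])
    print("unencrypted keys:", unencrypted_private_keys(SAMPLE))
```

Keys in the newer "OPENSSH PRIVATE KEY" format record their encryption inside the base64 body, so this header-based check does not cover them.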

Export

with Portecle > Right Click on the Entry > Export

To

DER format

To convert a PEM file to Distinguished Encoding Rules (DER):

openssl rsa -in file.pem -inform PEM -out file.der -outform DER

PPK (Putty)

PEM to Key - ppk key format:

  • Open Putty Key Generator
  • File > Import
  • Change the key comment
  • And save it as a key

Read

Concat

The following command uses a CRT file named keystore.crt and a key file named keystore.key to create a PEM keystore named infa_keystore.pem:

cat keystore.crt keystore.key > infa_keystore.pem

Decrypt

openssl rsa -in [encrypted.key] -out [unencrypted.key]
Enter pass phrase for encrypted.key.pem:
writing RSA key

Read

openssl x509 -in cert.pem -text -noout
