Privacy-Enhanced Mail (PEM) (OpenSSH key format)

1 - About

Privacy-Enhanced Mail (PEM) is a key file format. It is one of the formats used to store a private key. See Cryptographic - Private Key

The PEM format is the base64-encoded version of DER-formatted data, with additional header and footer lines, so that it can be transported via e.g. e-mail (i.e. the M in PEM).

The PEM format is readable as ASCII text and is used by OpenSSL and ssh.

3 - Format

The header and footer lines in the PEM format define what type of PEM file it is.


-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----


-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

but may also be:


-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

4 - Management

4.1 - Create

With genrsa (generate an RSA private key), create a:

  • 1024 bit RSA key
  • encrypted using Triple-DES
  • with openssl

openssl \
  genrsa \
  -des3 `# encrypt the key with DES in ede cbc mode (168 bit key)` \
  -out server.key.pem `# the key file` \
  1024 `# number of bits`

Example:


-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C
-----END RSA PRIVATE KEY-----

4.2 - Export

With Portecle: right-click on the entry > Export

4.3 - To

4.3.1 - DER format

Convert a PEM key to Distinguished Encoding Rules (DER):


openssl rsa -in file.pem -inform PEM -out file.der -outform DER

4.3.2 - PPK (Putty)

PEM to the PuTTY ppk key format:

  • Open PuTTY Key Generator
  • File > Import
  • Change the key comment
  • And save it as a key

4.4 - Read

4.5 - Concat

The following command uses a CRT file named keystore.crt and a key file named keystore.key to create a PEM keystore named infa_keystore.pem:


cat keystore.crt keystore.key > infa_keystore.pem
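
A check for a concatenated file like the one built above, as an added example that is not part of the original page: it reads the header and footer lines described in the Format section plus the Proc-Type and DEK-Info headers shown in the Create example, and lists private keys stored without a passphrase. The function names and the sample bundle (placeholder bytes) are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, optional "Name: value" headers, base64 body, END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n"
    r"((?:[A-Za-z-]+: .*\r?\n)*)"       # e.g. Proc-Type and DEK-Info
    r"([A-Za-z0-9+/=\s]*?)"             # base64 of the DER (or encrypted) bytes
    r"-----END \1-----"
)

def inventory_pem(text):
    """Return one record per PEM block found in text."""
    records = []
    for match in PEM_BLOCK.finditer(text):
        label, raw_headers, body = match.groups()
        headers = dict(line.split(": ", 1) for line in raw_headers.splitlines())
        data = base64.b64decode("".join(body.split()), validate=True)
        records.append({
            "label": label,
            "private": label.endswith("PRIVATE KEY"),
            "encrypted": headers.get("Proc-Type") == "4,ENCRYPTED"
                         or label.startswith("ENCRYPTED"),
            "cipher": headers.get("DEK-Info", "").split(",")[0] or None,
            # Cleartext DER opens with a SEQUENCE tag (0x30).
            "der_sequence": data[:1] == b"\x30",
            "length": len(data),
        })
    return records

def cleartext_private_keys(text):
    """Labels of private-key blocks stored without passphrase protection."""
    return [r["label"] for r in inventory_pem(text) if r["private"] and not r["encrypted"]]

def _wrap(label, data, headers=""):
    b64 = base64.b64encode(data).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{headers}{lines}\n-----END {label}-----\n"

# Constructed sample bundle: placeholder bytes, not a real certificate or key.
SAMPLE = (
    _wrap("CERTIFICATE", b"\x30\x03\x02\x01\x00")
    + _wrap("RSA PRIVATE KEY", bytes(range(16)),
            "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C\n\n")
    + _wrap("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x01")
)

if __name__ == "__main__":
    print(inventory_pem(SAMPLE), cleartext_private_keys(SAMPLE))
```

Any label returned by cleartext_private_keys means the bundle holds a key that anyone with read access to the file can use, so the file needs restrictive permissions.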

4.6 - Decrypt


openssl rsa -in [encrypted.key] -out [unencrypted.key]


Enter pass phrase for encrypted.key.pem:
writing RSA key

4.7 - Read


openssl x509 -in cert.pem -text -noout

