Friday, December 27, 2019

Is the Password to the Private Key Correct?

When we generate a public-private key pair for public key cryptography, such as, RSA, we can use a password to control access to the private key. We would know if it is the case by viewing the content of the key file, e.g.,

$ sudo head -1 myprivatekey.key
-----BEGIN ENCRYPTED PRIVATE KEY-----

The problem is that I don't know which password is correct because I have a few. If we are using openssh, we can easily verify if a password is correct by using ssh-keygen with the -y option -- the manual states,

-y      This option will read a private OpenSSH format file and print an
        OpenSSH public key to stdout.

Knowing this, we verify whether a password is correct or not by
ssh-keygen -y -f ./myprivatekey.key; echo "exit code is " $?
Enter passphrase: xxxxxxxx
Load key "./myprivatekey.key": incorrect passphrase supplied to decrypt private key
exit code is  255

which shows that the password I entered was incorrect. However, we entered a correct one, we would observe,

ssh-keygen -y -f ./myprivatekey.key; echo "exit code is " $?
Enter passphrase: yyyyyyyy
exit code is  0

Thursday, December 5, 2019

On a Debian-based Linux Distribution, Which Package Has a Given File?

We often wonder which package we should install to use a command. On Debian-based distributions, we can use apt-file to locate file that in packages that we have or haven't installed, and use dlocate to locate a file in packages that have been installed.

For example, to determine which package the ip command is in, we can run the following.

First, make sure we have installed apt-file

sudo apt-get install apt-file

Second, make sure we have packages indexed and up-to-date, be it installed or not.

sudo apt-file update

We can now determine which package has the ip command,


apt-file search ip

The result may be too long to be useful. To shorten the result, we apply heuristics. We know that the ip is a command, and it is probably in a bin directory, the name of the file should be ip,

apt-file search ip | grep "bin" | grep "/ip$"

Now the output is

iproute2: /bin/ip
iproute2: /sbin/ip

If we know that we have had the iproute2 installed, we can use dlocate as follows.
First, we make sure that we have installed dlocate.

sudo apt-get install dlocate

Next, we run dlocate with some heuristics as in,

dlocate ip | grep "bin" | grep "/ip$"

The output is,

iproute2: /bin/ip
iproute2: /sbin/ip