Friday, December 27, 2019

Is the Password to the Private Key Correct?

When we generate a public-private key pair for public key cryptography, such as RSA, we can use a password to control access to the private key. We can tell whether that is the case by viewing the first line of the key file, e.g.,

$ sudo head -1 myprivatekey.key
-----BEGIN ENCRYPTED PRIVATE KEY-----

The problem is that I don't know which password is correct because I have a few. If we are using OpenSSH, we can easily verify whether a password is correct by using ssh-keygen with the -y option. The manual states,

-y      This option will read a private OpenSSH format file and print an
        OpenSSH public key to stdout.

Knowing this, we can verify whether a password is correct by running

$ ssh-keygen -y -f ./myprivatekey.key; echo "exit code is " $?
Enter passphrase: xxxxxxxx
Load key "./myprivatekey.key": incorrect passphrase supplied to decrypt private key
exit code is  255

which shows that the password I entered was incorrect. However, if we entered a correct one, we would observe,

$ ssh-keygen -y -f ./myprivatekey.key; echo "exit code is " $?
Enter passphrase: yyyyyyyy
exit code is  0
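
The exit code alone cannot separate a wrong password from an unreadable file, and it is also 0 for a key that has no password at all. The following added example (not part of the original post) wraps the same ssh-keygen -y check in a shell function that tells these cases apart; the function name and return codes are assumptions made for this illustration, and -P is ssh-keygen's option for supplying the passphrase without a prompt.

```shell
#!/bin/sh
# Added example, not from the original post. Function name and return codes
# are assumptions chosen for this illustration.
#
# check_passphrase KEYFILE PASSPHRASE
#   0  PASSPHRASE decrypts the private key
#   1  ssh-keygen reported an incorrect passphrase
#   2  any other failure (missing file, bad permissions, not a private key)
#   3  the key is not passphrase-protected, so nothing was verified
#
# Caveat: -P places the passphrase in ssh-keygen's argument list, which other
# local users may be able to see in the process table while the command runs.
check_passphrase() {
    keyfile=$1
    pass=$2

    # An unencrypted key loads with any passphrase, so exit code 0 alone
    # would be misleading. Probe with the empty passphrase first.
    if ssh-keygen -y -P '' -f "$keyfile" >/dev/null 2>&1; then
        return 3
    fi

    # Discard the public key on stdout, capture only the error text.
    if err=$(ssh-keygen -y -P "$pass" -f "$keyfile" 2>&1 >/dev/null); then
        return 0
    fi

    # Exit code 255 covers every load failure; the message tells them apart.
    case $err in
        *"incorrect passphrase"*) return 1 ;;
        *) printf '%s\n' "$err" >&2; return 2 ;;
    esac
}
```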
