Key File Formats

The samples below are all examples of asymmetric (public-key) RSA encryption. Unfortunately, there appear to be various competing formats for storing the data in files, which I aim to cover here.

GPG

Private Key

Generated from gpg --export-secret-keys -a "username@email.com" > [filename].asc

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1

lQdGBFkW4esBEAC5GeGmDASNHTQydE9qjzjnfkuPNpAS+9SqT4WbhqE+5zQdRhzL
...
A1TE7Cub/cVlTby3gIiz3Q42mQI6vOrcCC56JP6mo9wVzJb8uhad1wI36XPygh0=
=N6UH
-----END PGP PRIVATE KEY BLOCK-----

Public Key

Generated from gpg --export -a "username@email.com" > [filename].asc

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFkW4esBEAC5GeGmDASNHTQydE9qjzjnfkuPNpAS+9SqT4WbhqE+5zQdRhzL
...
kbEI7B+iIQd8qKczj0kDVMTsK5v9xWVNvLeAiLPdDjaZAjq86twILnok/qaj3BXM
lvy6Fp3XAjfpc/KCHQ==
=BKkp
-----END PGP PUBLIC KEY BLOCK-----

I will try to use the .pgp extension with these. If you double-click a .pgp file in Ubuntu, it will automatically get imported into your keyring. If you use the .pem extension, it will get displayed in a certificate viewer correctly.

This format is what is used for email based security, encrypting/decrypting files on your computer, and digitally signing software.

OpenSSL

Private Key

Run this command to generate a file:

openssl genpkey \
-algorithm RSA \
-out dummy-xxx.pem \
-pkeyopt rsa_keygen_bits:2048

Which produces this format...

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD3GrQUMf2kYaXI
Gy8GPQutRdbXiUVu4uTBeIyqbQZLHs01E7GFTxMVmod0Haf69C5GOMpEQhLt55gq
...
PYgjX12hUGX9jF+2RVl9gpozG6CEIYe8I7RuyyauDJ/gzPrG6r/G1Se6M1zK+YB9
5Y+NiCejKC3gfbW2nJfReSU=
-----END PRIVATE KEY-----

Public Key

One can then use the private key with the following command to generate the public counterpart.

openssl rsa \
-in dummy-xxx.pem \
-pubout > dummy-xxx.pub

...with the following format:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9xq0FDH9pGGlyBsvBj0L
...
yjrq0ERRrsocgFwGth/LW1S7Lwl3eNa6c4NDKZ2y0Ih5qqNwZFYWhS9YoekqVs/k
iQIDAQAB
-----END PUBLIC KEY-----

I believe this is the PEM format and I try to use the .pem extension for these.

This format is for website certificates and can be used/converted for SSH.

SSH Keygen

Format generated by ssh-keygen.

Private Key

By default, ssh-keygen will create the private keyfile at ~/.ssh/id_rsa (no extension).

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAwNoFjO7+a4GXoVoAwe0PJ3TignTuOFGzlXoF/gQ0ZDFiRlGt
...
x5lUThJdHVGTN0c5Mn0YefCq4qySxTfvDy8CfjDMAYlR4wxZs73vYjOPofruH35S
O3zCil5543Hkl6Pu1rllLkNI/8f385Tl4p1ymb4/qH75T0nBwy76qg==
-----END RSA PRIVATE KEY-----

Public Key

By default, ssh-keygen will create the public keyfile at ~/.ssh/id_rsa.pub

ssh-rsa AAAAaLotMoreRandomCharactersD4gBfkME5VsfR+D+R stuart@stu-home-office

Conversions

You can convert an openssl generated private key to an ssh public key with:

ssh-keygen -y -f [my-private-key].pem

However, it is worth noting that you won't have the identifier at the end, like:

...324fs stuart@stu-home-office

In theory you should be able to convert between pgp and openssl formats, but I am going to just keep using two different sets of keys for now.
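
Each format above can be recognised from its first line, which is useful for checking whether a file holds private key material before it is shared or committed. The following is an added example, not code from the original post: the names classify, read_fields, ssh_rsa_bits and SAMPLE_BLOB are hypothetical, and the ssh-rsa sample is constructed because the page's own line is elided. It also decodes the ssh-rsa line to show that the trailing identifier is only a comment and not part of the key.

```python
import base64

# First line of the file -> (format, contains private key material?)
HEADERS = {
    "-----BEGIN PGP PRIVATE KEY BLOCK-----": ("OpenPGP private key", True),
    "-----BEGIN PGP PUBLIC KEY BLOCK-----": ("OpenPGP public key", False),
    "-----BEGIN PRIVATE KEY-----": ("PEM PKCS#8 private key", True),
    "-----BEGIN PUBLIC KEY-----": ("PEM SubjectPublicKeyInfo public key", False),
    "-----BEGIN RSA PRIVATE KEY-----": ("PEM PKCS#1 RSA private key", True),
}

def read_fields(blob):
    """Split an SSH wire-format blob into its 4-byte-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        size = int.from_bytes(blob[pos:pos + 4], "big")
        if pos + 4 + size > len(blob):
            raise ValueError("length prefix or field runs past end of blob")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return fields

def ssh_rsa_bits(b64):
    """Modulus size of an ssh-rsa blob: fields are name, exponent e, modulus n."""
    name, _e, n = read_fields(base64.b64decode(b64, validate=True))
    if name != b"ssh-rsa":
        raise ValueError("inner key type does not match the line prefix")
    return int.from_bytes(n, "big").bit_length()

def classify(text):
    """Return (format, is_private, comment) judged from the file's first line."""
    lines = text.strip().splitlines()
    first = lines[0].strip() if lines else ""
    if first in HEADERS:
        return (*HEADERS[first], None)
    parts = first.split(None, 2)
    if len(parts) >= 2 and parts[0] == "ssh-rsa":
        comment = parts[2] if len(parts) == 3 else None
        return (f"OpenSSH RSA public key, {ssh_rsa_bits(parts[1])} bits", False, comment)
    return ("unrecognised", None, None)

# Constructed sample, not a real key: e = 65537 and a 2048-bit filler modulus.
SAMPLE_BLOB = base64.b64encode(b"".join(
    len(f).to_bytes(4, "big") + f
    for f in (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc1" * 256)
)).decode()
```

Calling classify on the same blob with and without a trailing identifier returns the same format and key size; only the comment field differs.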

Author

Programster

Stuart is a software developer with a passion for Linux and open source projects.
