Key File Formats
The samples below are all examples of using asymmetric (public-key) RSA encryption. Unfortunately, there appear to be several competing formats for storing the data in files, which I aim to cover here.
GPG
Private Key
Generated from gpg --export-secret-keys -a "username@email.com" > [filename].asc
-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: GnuPG v1

lQdGBFkW4esBEAC5GeGmDASNHTQydE9qjzjnfkuPNpAS+9SqT4WbhqE+5zQdRhzL
...
A1TE7Cub/cVlTby3gIiz3Q42mQI6vOrcCC56JP6mo9wVzJb8uhad1wI36XPygh0=
=N6UH
-----END PGP PRIVATE KEY BLOCK-----
Public Key
Generated from gpg --export -a "username@email.com" > [filename].asc
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFkW4esBEAC5GeGmDASNHTQydE9qjzjnfkuPNpAS+9SqT4WbhqE+5zQdRhzL
...
kbEI7B+iIQd8qKczj0kDVMTsK5v9xWVNvLeAiLPdDjaZAjq86twILnok/qaj3BXM
lvy6Fp3XAjfpc/KCHQ==
=BKkp
-----END PGP PUBLIC KEY BLOCK-----
I will try to use the .pgp extension with these. If you double-click a .pgp file in Ubuntu, it will automatically get imported into your keyring. If you use the .pem extension, it will get displayed in a certificate viewer correctly.
This format is what is used for email-based security, encrypting/decrypting files on your computer, and digitally signing software.
OpenSSL
Private Key
Run this command to generate a file:
openssl genpkey \
  -algorithm RSA \
  -out dummy-xxx.pem \
  -pkeyopt rsa_keygen_bits:2048
Which produces this format...
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQD3GrQUMf2kYaXI
Gy8GPQutRdbXiUVu4uTBeIyqbQZLHs01E7GFTxMVmod0Haf69C5GOMpEQhLt55gq
...
PYgjX12hUGX9jF+2RVl9gpozG6CEIYe8I7RuyyauDJ/gzPrG6r/G1Se6M1zK+YB9
5Y+NiCejKC3gfbW2nJfReSU=
-----END PRIVATE KEY-----
Public Key
One can then use the private key with the following command to generate the public counterpart.
openssl rsa \
  -in dummy-xxx.pem \
  -pubout > dummy-xxx.pub
...with the following format:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9xq0FDH9pGGlyBsvBj0L
...
yjrq0ERRrsocgFwGth/LW1S7Lwl3eNa6c4NDKZ2y0Ih5qqNwZFYWhS9YoekqVs/k
iQIDAQAB
-----END PUBLIC KEY-----
This format is for website certificates and can be used/converted for SSH.
SSH Keygen
Format generated by ssh-keygen.
Private Key
By default, ssh-keygen will create the private keyfile at ~/.ssh/id_rsa (no extension)
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAwNoFjO7+a4GXoVoAwe0PJ3TignTuOFGzlXoF/gQ0ZDFiRlGt
...
x5lUThJdHVGTN0c5Mn0YefCq4qySxTfvDy8CfjDMAYlR4wxZs73vYjOPofruH35S
O3zCil5543Hkl6Pu1rllLkNI/8f385Tl4p1ymb4/qH75T0nBwy76qg==
-----END RSA PRIVATE KEY-----
Public Key
By default, ssh-keygen will create the public keyfile at ~/.ssh/id_rsa.pub
ssh-rsa AAAAaLotMoreRandomCharactersD4gBfkME5VsfR+D+R stuart@stu-home-office
Conversions
You can convert an OpenSSL-generated private key to an SSH public key with:
ssh-keygen -y -f [my-private-key].pem
However, it is worth noting that you won't have the identifier at the end, like:
...324fs stuart@stu-home-office
In theory you should be able to convert between PGP and OpenSSL formats, but I am going to just keep using two different sets of keys for now.
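What the single-line ssh-rsa format contains, as an added example (not code from the original post): the base64 field is a length-prefixed blob holding the algorithm name, the public exponent and the modulus, and the trailing identifier is a free-text comment outside that blob, so a key converted without the identifier keeps the same fingerprint. The function names and the constructed modulus SAMPLE_N are assumptions made for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(value: int) -> bytes:
    """Positive SSH 'mpint': big-endian, zero-padded if the top bit is set."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def build_line(e: int, n: int, comment: str = "") -> str:
    """Assemble '<type> <base64 blob> [comment]' as found in id_rsa.pub."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(mpint(e)) + ssh_string(mpint(n))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}".rstrip()

def parse_line(line: str) -> dict:
    """Decode an ssh-rsa public key line; raise ValueError if malformed."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("expected 'ssh-rsa <base64> [comment]'")
    blob = base64.b64decode(parts[1], validate=True)
    fields, pos = [], 0
    while pos < len(blob):
        # A short read here yields pos + 4 > len(blob), caught just below.
        length = int.from_bytes(blob[pos:pos + 4], "big")
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos:pos + length])
        pos += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    n = int.from_bytes(fields[2], "big")
    digest = hashlib.sha256(blob).digest()  # fingerprint covers the blob only
    return {
        "bits": n.bit_length(),
        "e": int.from_bytes(fields[1], "big"),
        "comment": parts[2] if len(parts) == 3 else "",
        "fingerprint": "SHA256:" + base64.b64encode(digest).decode().rstrip("="),
    }

# Constructed 2048-bit modulus (not a real key), used only to exercise the parser.
SAMPLE_N = (1 << 2047) | 1
if __name__ == "__main__":
    for comment in ("stuart@stu-home-office", ""):
        print(parse_line(build_line(65537, SAMPLE_N, comment)))
```

Matching on the fingerprint rather than the identifier is what lets you confirm that two public key lines are the same key.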
First published: 16th August 2018