How to extract public key using OpenSSL?
OpensslPublic Key-EncryptionPkiOpenssl Problem Overview
The following command generates a file which contains both public and private key:
openssl genrsa -des3 -out privkey.pem 2048
Source: http://www.openssl.org/docs/HOWTO/keys.txt">here</a>
With OpenSSL, the private key contains the public key information as well, so a public key doesn't need to be generated separately
How can we extract the public key from the privkey.pem file?
Thanks.
Openssl Solutions
Solution 1 - Openssl
openssl rsa -in privkey.pem -pubout > key.pub
That writes the public key to key.pub
Solution 2 - Openssl
Though, the above technique works for the general case, it didn't work on Amazon Web Services (AWS) PEM files.
I did find in the AWS docs the following command works:
ssh-keygen -y
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
edit Thanks @makenova for the complete line:
ssh-keygen -y -f key.pem > key.pub
Solution 3 - Openssl
For those interested in the details - you can see what's inside the public key file (generated as explained above), by doing this:-
openssl rsa -noout -text -inform PEM -in key.pub -pubin
or for the private key file, this:-
openssl rsa -noout -text -in key.private
which outputs as text on the console the actual components of the key (modulus, exponents, primes, ...)
Solution 4 - Openssl
For AWS importing an existing public key,
-
Export from the .pem doing this... (on linux)
openssl rsa -in ./AWSGeneratedKey.pem -pubout -out PublicKey.pub
This will produce a file which if you open in a text editor looking something like this...
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/8y3uYCQxSXZ58OYceG
A4uPdGHZXDYOQR11xcHTrH13jJEzdkYZG8irtyG+m3Jb6f9F8WkmTZxl+4YtkJdN
9WyrKhxq4Vbt42BthadX3Ty/pKkJ81Qn8KjxWoL+SMaCGFzRlfWsFju9Q5C7+aTj
eEKyFujH5bUTGX87nULRfg67tmtxBlT8WWWtFe2O/wedBTGGQxXMpwh4ObjLl3Qh
bfwxlBbh2N4471TyrErv04lbNecGaQqYxGrY8Ot3l2V2fXCzghAQg26Hc4dR2wyA
PPgWq78db+gU3QsePeo2Ki5sonkcyQQQlCkL35Asbv8khvk90gist4kijPnVBCuv
cwIDAQAB
-----END PUBLIC KEY-----
2. However AWS will NOT accept this file.
You have to strip off the `-----BEGIN PUBLIC KEY-----` and `-----END PUBLIC KEY-----` from the file. Save it and import and it should work in AWS.
Solution 5 - Openssl
If your looking how to copy an Amazon AWS .pem
keypair into a different
region do the following:
openssl rsa -in .ssh/amazon-aws.pem -pubout > .ssh/amazon-aws.pub
Then
aws ec2 import-key-pair --key-name amazon-aws --public-key-material '$(cat .ssh/amazon-aws.pub)' --region us-west-2
Solution 6 - Openssl
use openssl to extract the pub file from the pem file as
openssl x509 -inform pem -in private_key.pem -pubkey -noout > public_key.pub