SyntaxFix

[openssl] How to extract public key using OpenSSL?

The following command generates a file which contains both public and private key:

openssl genrsa -des3 -out privkey.pem 2048

Source: here

With OpenSSL, the private key contains the public key information as well, so a public key doesn't need to be generated separately

How can we extract the public key from the privkey.pem file?

Thanks.

This question is related to openssl public-key-encryption pki

The answer is

For AWS importing an existing public key,

  1. Export from the .pem doing this... (on linux)

    openssl rsa -in ./AWSGeneratedKey.pem -pubout -out PublicKey.pub

This will produce a file which if you open in a text editor looking something like this...

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/8y3uYCQxSXZ58OYceG
A4uPdGHZXDYOQR11xcHTrH13jJEzdkYZG8irtyG+m3Jb6f9F8WkmTZxl+4YtkJdN
9WyrKhxq4Vbt42BthadX3Ty/pKkJ81Qn8KjxWoL+SMaCGFzRlfWsFju9Q5C7+aTj
eEKyFujH5bUTGX87nULRfg67tmtxBlT8WWWtFe2O/wedBTGGQxXMpwh4ObjLl3Qh
bfwxlBbh2N4471TyrErv04lbNecGaQqYxGrY8Ot3l2V2fXCzghAQg26Hc4dR2wyA
PPgWq78db+gU3QsePeo2Ki5sonkcyQQQlCkL35Asbv8khvk90gist4kijPnVBCuv
cwIDAQAB
-----END PUBLIC KEY-----

  1. However AWS will NOT accept this file.

    You have to strip off the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- from the file. Save it and import and it should work in AWS.

Though, the above technique works for the general case, it didn't work on Amazon Web Services (AWS) PEM files.

I did find in the AWS docs the following command works: ssh-keygen -y

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

edit Thanks @makenova for the complete line:

ssh-keygen -y -f key.pem > key.pub

For those interested in the details - you can see what's inside the public key file (generated as explained above), by doing this:-

openssl rsa -noout -text -inform PEM -in key.pub -pubin

or for the private key file, this:-

openssl rsa -noout -text -in key.private

which outputs as text on the console the actual components of the key (modulus, exponents, primes, ...)

If your looking how to copy an Amazon AWS .pem keypair into a different region do the following:

openssl rsa -in .ssh/amazon-aws.pem -pubout > .ssh/amazon-aws.pub

Then

aws ec2 import-key-pair --key-name amazon-aws --public-key-material '$(cat .ssh/amazon-aws.pub)' --region us-west-2

Source: Stackoverflow.com

Examples related to openssl

dyld: Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib How to install OpenSSL in windows 10? SSL_connect: SSL_ERROR_SYSCALL in connection to github.com:443 How to fix: fatal error: openssl/opensslv.h: No such file or directory in RedHat 7 Homebrew refusing to link OpenSSL Solving sslv3 alert handshake failure when trying to use a client certificate How to install latest version of openssl Mac OS X El Capitan How to resolve the "EVP_DecryptFInal_ex: bad decrypt" during file decryption SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Can't get private key with openssl (no start line:pem_lib.c:703:Expecting: ANY PRIVATE KEY)

Examples related to public-key-encryption

gpg decryption fails with no secret key error Unable to load config info from /usr/local/ssl/openssl.cnf on Windows RSA Public Key format How to extract public key using OpenSSL? Use RSA private key to generate public key?

Examples related to pki

How to extract public key using OpenSSL? What does "subject" mean in certificate?

Tags

Cryptostream Touchesbegan Virtualenv Webdeploy Bounding-box Togglebuttonbar Scriptable Assembly-signing Plaxo Nssocketport Cssadapter Localnotification Iexpress Parse-tree Wpftoolkit Jbi Clause Waveoutwrite Multiple-instances Ecb Cusp Xorg Database-concurrency Wordle Hyperlink Weak-events Insertafter Ms-project User-instance Megabyte Yui-charts Tablename Exec Virtualenvwrapper Bareword Aggpas Nls Facebook Virtual-pc-2007 Port-number Web-hosting Xml-editor Usernametoken Sqlclr Quotations Exponential-distribution Nachos Conversion-operator Silent-installer Intraweb Inotify Delphi-2009 Virtual-ip-address Rcf Android-livefolders Xcf Adobe-flash-cs3 Itil Foreign-key-relationship Get Visual-c#-express-2010 Aggregator Web-user-controls Vmargs Authenticator Binutils Argparse Castle-dynamicproxy Hit-highlighting Ora-00936 Subreports Ls-colors Add-references-dialog Xdgutils Nhibernate-configuration Interbase Open-source Mbr Mmapi Multitexturing Cognos Gcc4 Unicorn Treegrid Autotest Windows-client Sonicmq Wsh Invalid-postback Mschart Form-fields Ri Synedit Title-case Negative-lookbehind Converters 4d Apl Protx Occlusion