How to extract public key using OpenSSL

Question

The following command generates a file which contains both public and private key   openssl genrsa -des3 -out privkey pem 2048   Source  here  With OpenSSL  the private key contains the public key information as well  so a public key doesn t need to be generated separately  How can we extract the public key from the privkey pem file   Thanks

User · Answer

Though  the above technique works for the general case  it didn t work on Amazon Web Services  AWS  PEM files    I did find in the AWS docs the following command works  ssh-keygen -y  http   docs aws amazon com AWSEC2 latest UserGuide ec2-key-pairs html  edit Thanks  makenova for the complete line   ssh-keygen -y -f key pem  gt  key pub

User · Answer

openssl rsa -in privkey pem -pubout  gt  key pub   That writes the public key to key pub

User · Answer

If your looking how to copy an Amazon AWS  pem keypair into a different  region do the following   openssl rsa -in  ssh amazon-aws pem -pubout  gt   ssh amazon-aws pub   Then  aws ec2 import-key-pair --key-name amazon-aws --public-key-material    cat  ssh amazon-aws pub   --region us-west-2

User · Answer

For AWS importing an existing public key    Export from the  pem doing this     on linux   openssl rsa -in   AWSGeneratedKey pem -pubout -out PublicKey pub    This will produce a file which if you open in a text editor looking something like this     -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn 8y3uYCQxSXZ58OYceG A4uPdGHZXDYOQR11xcHTrH13jJEzdkYZG8irtyG m3Jb6f9F8WkmTZxl 4YtkJdN 9WyrKhxq4Vbt42BthadX3Ty pKkJ81Qn8KjxWoL SMaCGFzRlfWsFju9Q5C7 aTj eEKyFujH5bUTGX87nULRfg67tmtxBlT8WWWtFe2O wedBTGGQxXMpwh4ObjLl3Qh bfwxlBbh2N4471TyrErv04lbNecGaQqYxGrY8Ot3l2V2fXCzghAQg26Hc4dR2wyA PPgWq78db gU3QsePeo2Ki5sonkcyQQQlCkL35Asbv8khvk90gist4kijPnVBCuv cwIDAQAB -----END PUBLIC KEY-----    However AWS will NOT accept this file   You have to strip off the -----BEGIN PUBLIC KEY----- and -----END PUBLIC KEY----- from the file  Save it and import and it should work in AWS

User · Answer

For those interested in the details - you can see what s inside the public key file  generated as explained above   by doing this -  openssl rsa -noout -text -inform PEM -in key pub -pubin   or for the private key file  this -  openssl rsa -noout -text -in key private   which outputs as text on the console the actual components of the key  modulus  exponents  primes

[openssl] How to extract public key using OpenSSL?

Examples related to openssl

Examples related to public-key-encryption

Examples related to pki