How do you test a public private DSA keypair

Question

Is there an easy way to verify that a given private key matches a given public key   I have a few   puband a few   key files  and I need to check which go with which  Again  these are pub key files  DSA  I would really prefer a one-liner of some sort

User · Answer

If you are in Windows and want use a GUI  with puttygen you can import your private key into it     Once imported  you can save its public key and compare it to yours

User · Answer

For DSA keys  use   openssl dsa -pubin -in dsa pub -modulus -noout   to print the public keys  then   openssl dsa -in dsa key -modulus -noout   to display the public keys corresponding to a private key  then compare them

User · Answer

Assuming you have the public keys inside X 509 certificates  and assuming they are RSA keys  then for each public key  do     openssl x509 -in certfile -modulus -noout  For each private key  do     openssl rsa -in keyfile -modulus -noout  Then match the keys by modulus

User · Answer

If it returns nothing  then they match  cat  HOME  ssh id rsa pub  gt  gt   HOME  ssh authorized keys ssh -i  HOME  ssh id rsa localhost

User · Answer

Delete the public keys and generate new ones from the private keys   Keep them in separate directories  or use a naming convention to keep them straight

User · Answer

Encrypt something with the public key  and see which private key decrypts it  This Code Project article by none other than Jeff Atwood implements a simplified wrapper around the  NET cryptography classes  Assuming these keys were created for use with RSA  use the asymmetric class with your public key to encrypt  and the same with your private key to decrypt

User · Answer

Enter the following command to check if a private key and public key are a matched set  identical  or not a matched set  differ  in  USER  ssh directory   The cut command prevents the comment at the end of the line in the public key from being compared  allowing only the key to be compared  ssh-keygen -y -f    ssh id rsa   diff -s -  lt  cut -d     -f 1 2    ssh id rsa pub   Output will look like either one of these lines  Files - and  dev fd 63 are identical  Files - and  dev fd 63 differ  I wrote a shell script that users use to check file permission of their    ssh files and matched key set   It solves my challenges with user incidents setting up ssh  It may help you   https   github com BradleyA docker-security-infrastructure tree master ssh Note  My previous answer  in Mar 2018  no longer works with the latest releases of openssh  Previous answer  diff -qs  lt  ssh-keygen -yf    ssh id rsa   lt  cut -d     -f 1 2    ssh id rsa pub

User · Answer

I always compare an MD5 hash of the modulus using these commands   Certificate  openssl x509 -noout -modulus -in server crt   openssl md5 Private Key  openssl rsa -noout -modulus -in server key   openssl md5 CSR  openssl req -noout -modulus -in server csr   openssl md5   If the hashes match  then those two files go together

User · Answer

I found a way that seems to work better for me  ssh-keygen -y -f  lt private key file gt   That command will output the public key for the given private key  so then just compare the output to each   pub file

User · Answer

For DSA keys  use   openssl dsa -pubin -in dsa pub -modulus -noout   to print the public keys  then   openssl dsa -in dsa key -modulus -noout   to display the public keys corresponding to a private key  then compare them

User · Answer

Delete the public keys and generate new ones from the private keys   Keep them in separate directories  or use a naming convention to keep them straight

User · Answer

Assuming you have the public keys inside X 509 certificates  and assuming they are RSA keys  then for each public key  do     openssl x509 -in certfile -modulus -noout  For each private key  do     openssl rsa -in keyfile -modulus -noout  Then match the keys by modulus

User · Answer

Enter the following command to check if a private key and public key are a matched set  identical  or not a matched set  differ  in  USER  ssh directory   The cut command prevents the comment at the end of the line in the public key from being compared  allowing only the key to be compared  ssh-keygen -y -f    ssh id rsa   diff -s -  lt  cut -d     -f 1 2    ssh id rsa pub   Output will look like either one of these lines  Files - and  dev fd 63 are identical  Files - and  dev fd 63 differ  I wrote a shell script that users use to check file permission of their    ssh files and matched key set   It solves my challenges with user incidents setting up ssh  It may help you   https   github com BradleyA docker-security-infrastructure tree master ssh Note  My previous answer  in Mar 2018  no longer works with the latest releases of openssh  Previous answer  diff -qs  lt  ssh-keygen -yf    ssh id rsa   lt  cut -d     -f 1 2    ssh id rsa pub

User · Answer

The check can be made easier with diff  diff  lt  ssh-keygen -y -f  private key file   public key file  The only odd thing is that diff says nothing if the files are the same  so you ll only be told if the public and private don t match

User · Answer

I always compare an MD5 hash of the modulus using these commands   Certificate  openssl x509 -noout -modulus -in server crt   openssl md5 Private Key  openssl rsa -noout -modulus -in server key   openssl md5 CSR  openssl req -noout -modulus -in server csr   openssl md5   If the hashes match  then those two files go together

User · Answer

Assuming you have the public keys inside X 509 certificates  and assuming they are RSA keys  then for each public key  do     openssl x509 -in certfile -modulus -noout  For each private key  do     openssl rsa -in keyfile -modulus -noout  Then match the keys by modulus

User · Answer

Encrypt something with the public key  and see which private key decrypts it  This Code Project article by none other than Jeff Atwood implements a simplified wrapper around the  NET cryptography classes  Assuming these keys were created for use with RSA  use the asymmetric class with your public key to encrypt  and the same with your private key to decrypt

User · Answer

If you are in Windows and want use a GUI  with puttygen you can import your private key into it     Once imported  you can save its public key and compare it to yours

User · Answer

Just use puttygen and load your private key into it  It offers different options  e g  exporting the corresponding public key

User · Answer

Encrypt something with the public key  and see which private key decrypts it  This Code Project article by none other than Jeff Atwood implements a simplified wrapper around the  NET cryptography classes  Assuming these keys were created for use with RSA  use the asymmetric class with your public key to encrypt  and the same with your private key to decrypt

User · Answer

I always compare an MD5 hash of the modulus using these commands   Certificate  openssl x509 -noout -modulus -in server crt   openssl md5 Private Key  openssl rsa -noout -modulus -in server key   openssl md5 CSR  openssl req -noout -modulus -in server csr   openssl md5   If the hashes match  then those two files go together

User · Answer

For DSA keys  use   openssl dsa -pubin -in dsa pub -modulus -noout   to print the public keys  then   openssl dsa -in dsa key -modulus -noout   to display the public keys corresponding to a private key  then compare them

User · Answer

Delete the public keys and generate new ones from the private keys   Keep them in separate directories  or use a naming convention to keep them straight

User · Answer

The check can be made easier with diff  diff  lt  ssh-keygen -y -f  private key file   public key file  The only odd thing is that diff says nothing if the files are the same  so you ll only be told if the public and private don t match

User · Answer

I found a way that seems to work better for me  ssh-keygen -y -f  lt private key file gt   That command will output the public key for the given private key  so then just compare the output to each   pub file

User · Answer

Delete the public keys and generate new ones from the private keys   Keep them in separate directories  or use a naming convention to keep them straight

User · Answer

Just use puttygen and load your private key into it  It offers different options  e g  exporting the corresponding public key

User · Answer

Assuming you have the public keys inside X 509 certificates  and assuming they are RSA keys  then for each public key  do     openssl x509 -in certfile -modulus -noout  For each private key  do     openssl rsa -in keyfile -modulus -noout  Then match the keys by modulus

User · Answer

If it returns nothing  then they match  cat  HOME  ssh id rsa pub  gt  gt   HOME  ssh authorized keys ssh -i  HOME  ssh id rsa localhost

User · Answer

I always compare an MD5 hash of the modulus using these commands   Certificate  openssl x509 -noout -modulus -in server crt   openssl md5 Private Key  openssl rsa -noout -modulus -in server key   openssl md5 CSR  openssl req -noout -modulus -in server csr   openssl md5   If the hashes match  then those two files go together

User · Answer

I found a way that seems to work better for me  ssh-keygen -y -f  lt private key file gt   That command will output the public key for the given private key  so then just compare the output to each   pub file

User · Answer

Encrypt something with the public key  and see which private key decrypts it  This Code Project article by none other than Jeff Atwood implements a simplified wrapper around the  NET cryptography classes  Assuming these keys were created for use with RSA  use the asymmetric class with your public key to encrypt  and the same with your private key to decrypt

User · Answer

I found a way that seems to work better for me  ssh-keygen -y -f  lt private key file gt   That command will output the public key for the given private key  so then just compare the output to each   pub file

User · Answer

For DSA keys  use   openssl dsa -pubin -in dsa pub -modulus -noout   to print the public keys  then   openssl dsa -in dsa key -modulus -noout   to display the public keys corresponding to a private key  then compare them

[encryption] How do you test a public/private DSA keypair?

Examples related to encryption

Examples related to ssl

Examples related to openssl

Examples related to key