Privacy-Enhanced Mail (PEM) (OpenSSH key format)


1 - About

Privacy-Enhanced Mail (PEM) is a key file format. It is one of the formats used to store a private key.

The PEM format is the base64-encoded version of DER-formatted data, with additional header and footer lines so that it can be transported via e.g. e-mail (i.e. the M in PEM).

The PEM format is readable as ASCII text and is used by OpenSSL and ssh.


3 - Format

The header and footer lines name the type of data enclosed. For a certificate request they are normally:

 -----BEGIN CERTIFICATE REQUEST-----
 -----END CERTIFICATE REQUEST-----

but may also be:

 -----BEGIN NEW CERTIFICATE REQUEST-----
 -----END NEW CERTIFICATE REQUEST-----
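
As an added example (not code from the original page), this Python parser splits a PEM file into its blocks, decodes each base64 body back to the underlying bytes, and reports private keys stored without passphrase encryption. The function names and the sample bundle are constructed for illustration.

```python
import base64
import re

# BEGIN line, optional "Name: value" headers, base64 body, END line with the same label.
BLOCK_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def parse_pem(text):
    """Return one dict per PEM block: label, headers, decoded payload, encrypted flag."""
    blocks = []
    for match in BLOCK_RE.finditer(text):
        label, inner = match.group(1), match.group(2)
        headers, body = {}, []
        for line in inner.splitlines():
            line = line.strip()
            if ":" in line:  # header such as "Proc-Type: 4,ENCRYPTED"
                name, value = line.split(":", 1)
                headers[name.strip()] = value.strip()
            elif line:
                body.append(line)
        # validate=True raises on characters outside the base64 alphabet
        payload = base64.b64decode("".join(body), validate=True)
        # Proc-Type header (traditional format) or PKCS#8 label marks encryption
        encrypted = ("ENCRYPTED" in headers.get("Proc-Type", "")
                     or label.startswith("ENCRYPTED"))
        blocks.append({"label": label, "headers": headers,
                       "payload": payload, "encrypted": encrypted})
    return blocks


def unprotected_private_keys(text):
    """Labels of private-key blocks stored without passphrase encryption."""
    return [b["label"] for b in parse_pem(text)
            if b["label"].endswith("PRIVATE KEY") and not b["encrypted"]]


def make_block(label, payload, headers=""):
    """Build a PEM block around constructed bytes (sample data only)."""
    b64 = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"


# Constructed sample bundle: placeholder bytes, not real key material.
SAMPLE = (
    make_block("CERTIFICATE REQUEST", b"\x30\x03\x02\x01\x00")
    + make_block("RSA PRIVATE KEY", bytes(range(16)),
                 "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0011223344556677\n\n")
    + make_block("RSA PRIVATE KEY", b"\x30\x03\x02\x01\x00")
)
```

Blocks labelled OPENSSH PRIVATE KEY record their encryption inside the payload rather than in a header, so this header check does not apply to them.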

4 - Management

4.1 - Create

openssl genrsa generates an RSA private key. The following command creates a:

  • 1024 bit RSA key
  • encrypted using Triple-DES
  • with openssl
openssl \
  genrsa \
  -des3 `# encrypt the key with DES in ede cbc mode (168 bit key)`  \
  -out server.key.pem `# the key file`  \
  1024 `# number of bits`

Example:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C
-----END RSA PRIVATE KEY-----

4.2 - Export

With Portecle: right-click on the entry > Export

4.3 - To

4.3.1 - DER format

From Distinguished Encoding Rules (DER) to PEM:

openssl rsa -in file.der -inform DER -out file.pem -outform PEM

4.3.2 - PPK (Putty)

PEM key to the ppk key format:

  • Open Putty Key Generator
  • File > Import
  • Change the key comment
  • Save it as a key

4.4 - Read

4.5 - Concat

The following command uses a CRT file named keystore.crt and a key file named keystore.key to create a PEM keystore named infa_keystore.pem:

cat keystore.crt keystore.key > infa_keystore.pem

4.6 - Decrypt

openssl rsa -in [encrypted.key] -out [unencrypted.key]
Enter pass phrase for encrypted.key.pem:
writing RSA key