Generate Key File From Pem

Posted on by

How do I convert my Amazon Elastic Compute Cloud (Amazon EC2) Privacy Enhanced Mail (.pem) file to a PuTTY Private Key (.ppk) file? Or, convert a .ppk file to a .pem file?

  1. Generate Key File From Pembroke
  2. Linux Generate Pem File

Enter the name of the.pem file for example: my-certificate.pem. Step by step from generating key to login: Generate the key with $ ssh-keygen -t rsa -b 2048 -v and when asked to enter file in which to save the key, type my-certificate and when asked to enter passphrase, press Enter (empty passphrase) and confirm by Enter. Generate an RSA private key, of size 2048, and output it to a file named key.pem: openssl genrsa -out key.pem 2048 Generating RSA private key, 2048 bit long modulus. e is 65537 (0x10001).

Short Description

PuTTY doesn't natively support the private key format (.pem) generated by Amazon EC2. You must convert your private key into a .ppk file before you can connect to your instance using PuTTY. You can use the PuTTYgen tool for this conversion. This tool, available for both Windows and Unix operating system, can convert keys.

Generate Key File From Pembroke

Resolution

Windows - install PuTTYgen

Most Windows operating systems have PuTTY installed. If your system doesn't, download and install PuTTYgen.

Windows - convert a .pem file to a .ppk file

Start PuTTYgen, and then convert the .pem file to a .ppk file. For detailed steps, see Convert Your Private Key Using PuTTYgen.

Windows - convert a .ppk file to a .pem file

  1. Start PuTTYgen. For Actions, choose Load, and then navigate to your .ppk file.
  2. Choose the .ppk file, and then choose Open.
  3. (Optional) For Key passphrase, enter a passphrase. For Confirm passphrase, re-enter your passphrase.
    Note: Although a passphrase isn't required, you should specify one as a security measure to protect the private key from unauthorized use. Using a passphrase makes automation difficult, because human intervention is needed to log in to an instance or to copy files to an instance.
  4. From the menu at the top of the PuTTY Key Generator, choose Conversions, Export OpenSSH Key.
    Note: If you didn't enter a passphrase, you receive a PuTTYgen warning. Choose Yes.
  5. Name the file and add the .pem extension.
  6. Choose Save.

Unix or Linux - install PuTTY

Install PuTTY, if it's not already on your system.

Important: A PuTTY package is provided by the Extra Packages for Enterprise Linux (EPEL) repository. You must enable the EPEL repository before you install PuTTY.

To install PuTTY, run one of the following commands:

RPM-based

Dpkg-based

Unix or Linux - convert a .pem file to a .ppk file

On the instance shell, run the puttygen command to convert your .pem file to a .ppk file:

Unix or Linux - convert a .ppk file to a .pem file

Run the puttygen command to convert a .ppk file into a .pem file:

Related Information

Anything we could improve?

Need more help?

Related Videos

Daniel shows you how to convert a private key to and from .ppk and .pem formats (3:48)

While Encrypting a File with a Password from the Command Line using OpenSSLis very useful in its own right, the real power of the OpenSSL library is itsability to support the use of public key cryptograph for encrypting orvalidating data in an unattended manner (where the password is not required toencrypt) is done with public keys.

Microsoft key generator free download. Click Here to Download MS Office 2010 Product Key Generator Full Version Free DownloadMS Office 2010 Product Key Generator:This software is developed by Microsoft corporation which is complete set of programs assist you to do work in office and presented as a desktop suit. Microsoft Office 2010 Product Key Generator contains many advanced features and improved interface which assist you to work and its novel tools helps you to transfer data correctly. Its interface is very easy to use even on tablets and its adapted version is entirely optimized for Windows 7,8 and 8.1.

The Commands to Run

Generate a 2048 bit RSA Key

You can generate a public and private RSA key pair like this:

openssl genrsa -des3 -out private.pem 2048

That generates a 2048-bit RSA key pair, encrypts them with a password you provideand writes them to a file. You need to next extract the public key file. You willuse this, for instance, on your web server to encrypt content so that it canonly be read with the private key.

Export the RSA Public Key to a File

This is a command that is

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

The -pubout flag is really important. Be sure to include it.

Next open the public.pem and ensure that it starts with-----BEGIN PUBLIC KEY-----. This is how you know that this file is thepublic key of the pair and not a private key.

To check the file from the command line you can use the less command, like this:

less public.pem

Do Not Run This, it Exports the Private Key

A previous version of the post gave this example in error.

openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM

The error is that the -pubout was dropped from the end of the command.That changes the meaning of the command from that of exporting the public keyto exporting the private key outside of its encrypted wrapper. Inspecting theoutput file, in this case private_unencrypted.pem clearly shows that the keyis a RSA private key as it starts with -----BEGIN RSA PRIVATE KEY-----.

Visually Inspect Your Key Files

It is important to visually inspect you private and public key files to makesure that they are what you expect. OpenSSL will clearly explain the nature ofthe key block with a -----BEGIN RSA PRIVATE KEY----- or -----BEGIN PUBLIC KEY-----.

You can use less to inspect each of your two files in turn:

They produce relatively high emissions. They create a lot of unwanted noise and annoying sounds. Do key generators ever work.

  • less private.pem to verify that it starts with a -----BEGIN RSA PRIVATE KEY-----
  • less public.pem to verify that it starts with a -----BEGIN PUBLIC KEY-----

The next section shows a full example of what each key file should look like.

Linux Generate Pem File

The Generated Key Files

The generated files are base64-encoded encryption keys in plain text format.If you select a password for your private key, its file will be encrypted withyour password. Be sure to remember this password or the key pair becomes useless.

The private.pem file looks something like this:

The public key, public.pem, file looks like:

Protecting Your Keys

Depending on the nature of the information you will protect, it’s important tokeep the private key backed up and secret. The public key can be distributedanywhere or embedded in your web application scripts, such as in your PHP,Ruby, or other scripts. Again, backup your keys!

Remember, if the key goes away the data encrypted to it is gone. Keeping aprinted copy of the key material in a sealed envelope in a bank safety depositbox is a good way to protect important keys against loss due to fire or harddrive failure.

Oh, and one last thing.

If you, dear reader, were planning any funny business with the private key that I have just published here. Know that they were made especially for this series of blog posts. I do not use them for anything else.

Found an issue?

From

Rietta plans, develops, and maintains applications.

Learn more about our services or drop us your email and we'll e-mail you back.

Other Blog Articles Published by Rietta.com