I lost my public key. Can I recover it from a private key?

Paul Du Bois picture Paul Du Bois · May 31, 2013 · Viewed 14.5k times · Source

I created a key pair + signed certificate for iOS/OSX development. Somewhere along the way, I lost the public key that goes with my private key. Maybe it's because Keychain Access doesn't group the private and public keys together, like it does with certificates and private keys (that is so irritating! why does it (not) do that!)

In Keychain Access, I can still right-click the private key -> "Request a certificate"; but without the public key available I get the error "The specified item could not be found in the keychain". I am pretty sure that public keys are recoverable, but how? Obviously, Keychain Access isn't smart enough to do it automatically.

I eventually figured this out and will mark my answer correct after a few days, unless someone adds something new to the answer.

Answer

Paul Du Bois picture Paul Du Bois · May 31, 2013

I remembered vaguely being able to do this with openssl on .pem files, so that's the direction I headed.

  • In Keychain Access, export the private key as eg private.p12. Apply a password, or not.
  • Convert it to .pem: openssl pkcs12 -in private.p12 -out private.pem. Enter password from previous step. You're forced to apply a password to the .pem.
  • Extract the public portion: openssl rsa -in private.pem -pubout > public.pem. Enter password from previous step.
  • Import into Keychain Access: security import public.pem -k login.keychain. If you don't specify a keychain, the import appears to complete but I couldn't find where the item was put.
  • In Keychain Access, look in the login keychain for "Imported Public Key". Rename it and move to the desired location.
  • Clean up after yourself, especially those .p12 and .pem private keys with no or poor passwords.