Extract public/private key from PKCS12 file for later use in SSH-PK-Authentication

ssh openssl certificate x509 pkcs#12
lazydaemon picture lazydaemon · Feb 29, 2012 · Viewed 417.1k times · Source

I want to extract the public and private key from my PKCS#12 file for later use in SSH-Public-Key-Authentication.

Right now, I'm generating keys via ssh-keygen which I put into .ssh/authorized_key, respective somewhere on the client-side.

In future, I want to use the keys from a PKCS#12 container, so I've to extract the public-key first from PKCS#12 and then put them into the .ssh/authorized_keys file. Is there any chance to get this working via openssl? Are the keys in PKCS#12 compatible for ssh-public-key authentication?

Answer

Nilesh picture Nilesh · Mar 1, 2012

You can use following commands to extract public/private key from a PKCS#12 container:

  • PKCS#1 Private key

    openssl pkcs12 -in yourP12File.pfx -nocerts -out privateKey.pem

  • Certificates:

    openssl pkcs12 -in yourP12File.pfx -clcerts -nokeys -out publicCert.pem

Related questions

Does .pem file contain both private and public keys?

I am wondering if PEM-files contain both private and public keys? What does "PEM" stand for?

Read More
How to solve ssh: /usr/lib64/libcrypto.so.10: no version information available

I am trying to do ssh and got following message: ]#ssh ssh: /usr/lib64/libcrypto.so.10: no version information available (required by ssh) ssh: /usr/lib64/libcrypto.so.10: no version information available (required by ssh) ssh: /usr/lib64/libcrypto.so.10: …

Read More
FIPS integrity verification test failed when iniating SSH session

I recently enabled the FIPS module under CentOS 6 (minimum install). Module is confirmed working: cat /proc/sys/crypto/fips_enabled yields 1 openssl md5 somefile(fails) and openssl sha1 somefile(succeeds). openssl version yields OpenSSL 1.0.1e-fips 11 Feb 2013 When I attempt to …

Read More