- I am trying to use the OpenSSL command line to generate a ECDH public key that meets the following specifications: Use a Base64 encoded X.509 SubjectPublicKeyInfo structure containing a ECDH pub.
- A separate public key file is not created at the same step though. To extract public key from the private key file into separate public key file you use your openssl rsa -in private.pem -pubout -out public.pem command. When you produce a public key this way, it is extracted from the private key file, not calculated.
Run it on your local computer to generate a 2048-bit RSA key pair, which is fine for most uses. Ssh-keygen The utility prompts you to select a location for the keys. By default, the keys are stored in the /.ssh directory with the filenames idrsa for the private key and idrsa.pub for the public key. Assuming you have the SSH private key idrsa, you can extract the public key from it like so: openssl rsa -in idrsa -pubout -out idrsa.pub.pem I realize the OP asked about converting a public key, so this doesn't quite answer the question, however I thought it would be useful to some anyway. I'm using CoreFTP which allows the generation of keys using RSA. It says that it generates 'OpenSSH compatible certificates sic' when you press the generate keys button. The keys it generates have -BEGIN RSA PUBLIC KEY- at the start (and then the key and then an end marker). My bank rejects my public key and says it should begin ssh-rsa.
|# Generate Private Key and Certificate using RSA 256 encryption (4096-bit key)|
|openssl req -x509 -newkey rsa:4096 -keyout privatekey.pem -out certificate.pem -days 365|
|# Alternatively, setting the '-newkey' parameter to 'rsa:2048' will generate a 2048-bit key.|
|# Generate PKCS#12 (P12) file for cert; combines both key and certificate together|
|openssl pkcs12 -export -inkey privatekey.pem -in certificate.pem -out cert.pfx|
|# Generate SHA256 Fingerprint for Certificate and export to a file|
|openssl x509 -noout -fingerprint -sha256 -inform pem -in certificate.pem >> fingerprint.txt|
|# Generate SHA1 Fingerprint for Certificate and export to a file|
|#openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate.pem >> fingerprint.txt|
|# FYI, it's best practice to use SHA256 instead of SHA1 for better security, but this shows how to do it if you REALLY need to.|
Nov 7, 2019
Openssl Generate Ssh-rsa Public Key Largo
Here's a couple useful links related to this: