Is there an easy way to verify that a given private key matches a given public key? I have a few *.pub, and a few *.key files, and I need to check which go with which.
是否有一种简单的方法来验证给定的私钥是否与给定的公钥匹配?我有一些。酒吧,还有一些。关键文件,我需要检查哪个和哪个一起。
Again, these are pub/key files, DSA.
这些是pub/key文件,DSA。
I would really prefer a one-liner of some sort...
我真的更喜欢一句俏皮话……
10 个解决方案
#1
227
I found a way that seems to work better for me:
我找到了一种对我来说更好的方法:
ssh-keygen -y -f <private key file>
that command will output the public key for the given private key, so then just compare the output to each *.pub file.
该命令将为给定的私钥输出公钥,因此只需将输出与每个*进行比较。酒吧文件。
#2
50
I always compare an MD5 hash of the modulus using these commands:
我总是用以下命令比较模的MD5哈希值:
Certificate: openssl x509 -noout -modulus -in server.crt | openssl md5
Private Key: openssl rsa -noout -modulus -in server.key | openssl md5
CSR: openssl req -noout -modulus -in server.csr | openssl md5
If the hashes match, then those two files go together.
如果散列匹配,那么这两个文件将一起工作。
#3
46
For DSA keys, use
DSA密钥,使用
openssl dsa -pubin -in dsa.pub -modulus -noout
to print the public keys, then
然后打印公钥
openssl dsa -in dsa.key -modulus -noout
to display the public keys corresponding to a private key, then compare them.
若要显示与私钥对应的公钥,请比较它们。
#4
12
Assuming you have the public keys inside x.509 certificates, and assuming they are RSA keys, then for each public key, do
假设你在x里面有公钥。509证书,假设它们是RSA密钥,那么对于每个公钥,都要这样做
openssl x509 -in certfile -modulus -noout
For each private key, do
对于每个私钥,请执行
openssl rsa -in keyfile -modulus -noout
Then match the keys by modulus.
然后按模数匹配键。
#5
11
The check can be made easier with diff:
这张支票可以用diff来简化:
diff <(ssh-keygen -y -f <private_key_file>) <public key file>
The only odd thing is that diff says nothing if the files are the same, so you'll only be told if the public and private don't match.
唯一奇怪的是,如果文件是相同的,那么diff什么也没有说,所以只有当公共文件和私有文件不匹配时,您才会被告知。
#6
6
Delete the public keys and generate new ones from the private keys. Keep them in separate directories, or use a naming convention to keep them straight.
删除公钥并从私钥生成新的公钥。将它们保存在单独的目录中,或者使用命名约定来保持它们的正确性。
#7
2
If you are in Windows and want use a GUI, with puttygen you can import your private key into it:
如果你在Windows中,想要使用一个GUI,使用puttygen,你可以将你的私钥导入其中:
Once imported, you can save its public key and compare it to yours.
一旦导入,您可以保存它的公钥并将其与您的公钥进行比较。
#8
0
Encrypt something with the public key, and see which private key decrypts it.
用公钥加密一些东西,并查看哪个私钥解密它。
This code project article by none other than Jeff Atwood implements a simplified wrapper around the .NET crypto classes. Assuming these keys were created for use with RSA, use the asymmetric class with your public key to encrypt, and the same with your private key to decrypt.
Jeff Atwood撰写的这篇代码项目文章围绕。net crypto类实现了一个简化的包装器。假设这些密钥是为RSA使用而创建的,那么使用带有公钥的非对称类进行加密,并使用您的私钥进行解密。
#9
0
diff -s <(ssh-keygen -y -f ~/.ssh/id_rsa) <(cut -d ' ' -f 1,2 ~/.ssh/id_rsa.pub)
diff - s <(ssh - keygen - y - f ~ / . ssh / id_rsa)<(切- d ' ' - f 1、2 ~ / . ssh / id_rsa . pub)
#10
-1
Just use puttygen and load your private key into it. Offers different options, e.g. exporting the coressponding public key.
只需使用puttygen并将您的私钥加载到其中。提供不同的选项,例如导出核心服务公钥。
#1
227
I found a way that seems to work better for me:
我找到了一种对我来说更好的方法:
ssh-keygen -y -f <private key file>
that command will output the public key for the given private key, so then just compare the output to each *.pub file.
该命令将为给定的私钥输出公钥,因此只需将输出与每个*进行比较。酒吧文件。
#2
50
I always compare an MD5 hash of the modulus using these commands:
我总是用以下命令比较模的MD5哈希值:
Certificate: openssl x509 -noout -modulus -in server.crt | openssl md5
Private Key: openssl rsa -noout -modulus -in server.key | openssl md5
CSR: openssl req -noout -modulus -in server.csr | openssl md5
If the hashes match, then those two files go together.
如果散列匹配,那么这两个文件将一起工作。
#3
46
For DSA keys, use
DSA密钥,使用
openssl dsa -pubin -in dsa.pub -modulus -noout
to print the public keys, then
然后打印公钥
openssl dsa -in dsa.key -modulus -noout
to display the public keys corresponding to a private key, then compare them.
若要显示与私钥对应的公钥,请比较它们。
#4
12
Assuming you have the public keys inside x.509 certificates, and assuming they are RSA keys, then for each public key, do
假设你在x里面有公钥。509证书,假设它们是RSA密钥,那么对于每个公钥,都要这样做
openssl x509 -in certfile -modulus -noout
For each private key, do
对于每个私钥,请执行
openssl rsa -in keyfile -modulus -noout
Then match the keys by modulus.
然后按模数匹配键。
#5
11
The check can be made easier with diff:
这张支票可以用diff来简化:
diff <(ssh-keygen -y -f <private_key_file>) <public key file>
The only odd thing is that diff says nothing if the files are the same, so you'll only be told if the public and private don't match.
唯一奇怪的是,如果文件是相同的,那么diff什么也没有说,所以只有当公共文件和私有文件不匹配时,您才会被告知。
#6
6
Delete the public keys and generate new ones from the private keys. Keep them in separate directories, or use a naming convention to keep them straight.
删除公钥并从私钥生成新的公钥。将它们保存在单独的目录中,或者使用命名约定来保持它们的正确性。
#7
2
If you are in Windows and want use a GUI, with puttygen you can import your private key into it:
如果你在Windows中,想要使用一个GUI,使用puttygen,你可以将你的私钥导入其中:
Once imported, you can save its public key and compare it to yours.
一旦导入,您可以保存它的公钥并将其与您的公钥进行比较。
#8
0
Encrypt something with the public key, and see which private key decrypts it.
用公钥加密一些东西,并查看哪个私钥解密它。
This code project article by none other than Jeff Atwood implements a simplified wrapper around the .NET crypto classes. Assuming these keys were created for use with RSA, use the asymmetric class with your public key to encrypt, and the same with your private key to decrypt.
Jeff Atwood撰写的这篇代码项目文章围绕。net crypto类实现了一个简化的包装器。假设这些密钥是为RSA使用而创建的,那么使用带有公钥的非对称类进行加密,并使用您的私钥进行解密。
#9
0
diff -s <(ssh-keygen -y -f ~/.ssh/id_rsa) <(cut -d ' ' -f 1,2 ~/.ssh/id_rsa.pub)
diff - s <(ssh - keygen - y - f ~ / . ssh / id_rsa)<(切- d ' ' - f 1、2 ~ / . ssh / id_rsa . pub)
#10
-1
Just use puttygen and load your private key into it. Offers different options, e.g. exporting the coressponding public key.
只需使用puttygen并将您的私钥加载到其中。提供不同的选项,例如导出核心服务公钥。