Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSL Public key/Private question
Top Forums UNIX for Dummies Questions & Answers SSL Public key/Private question Post 302322248 by cbkihong on Wednesday 3rd of June 2009 07:45:09 AM
Old 06-03-2009
I assume you are referring to the general case as in HTTPS. It has been quite many years since I studied public key cryptography, let's hope I did not make anything wrong here.

The web server must have the private key. The key file itself must be physically stored on the server, or but you may set it up encrypted by a passphrase so that Apache asks you for the passphrase every time it starts, or else you do so without encrypting the key file (insecure).

I don't think the HTTPS client needs private key.

The openssl command you mentioned simply generates a key. Normally a private key, but that alone is not quite useful because keys normally go in pairs and cryptographically you should not be able to easily compute the other key in the pair with one key alone. Therefore, you will normally generate both at the same time rather than generate a single key (as with "openssl req").
 

10 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

Public/Private Key SSH from UNIX to Windows (Cygwin)

Hello all, I have a bit of trouble working a passwordless SSH from UNIX to Cygwin running windows 2k3. Here are some details. I AM able to SSH from the Windows box to the UNIX box using the keys. Also, I'm able to SSH from UNIX to Windows w/o the keys. However, when I try to do it with the keys... (9 Replies)
Discussion started by: kclerks11
9 Replies

2. Shell Programming and Scripting

SFTP in a shell script without public/private key

Hi everybody, I need some help on writing a script that is able to remote copy file to one server. I already created this types of scripts, and works ok as long as this server I want to copy from is access through telnet. Here is how I do it: ftp -n xxx.xxx.xxx.xxx << _EOF_ user user_name... (6 Replies)
Discussion started by: Alexis Duarte
6 Replies

3. Shell Programming and Scripting

how to ssh to remote unix machines using private/public key

hello, iam able to ssh to a linux server from a linux server called "machine1" using the private/public key method, so I dont need to enter any password when I run my script but iam not able to ssh from machine1 to a UNIX server, access is denied. note that I am using an application id which is... (6 Replies)
Discussion started by: wydadi
6 Replies

4. Linux

SSL/TLS uses the public key to encrypt data ?

Hi, I have a doubt..whether the SSL/TLS protocol uses the public key of the web server to encrypt data before sending it. I knew the browser verifies the public key of the web server using the digital certificate (by verifying the signature of the certificate using trusted authority). whether... (2 Replies)
Discussion started by: chaitus.28
2 Replies

5. UNIX for Dummies Questions & Answers

how to create a public/private key using ssh-keygen

Hi, please guide me create a public/private key using ssh-keygen, lets say I have been access to server named pngpcdb1with a userid and password ...!!! and also please explain in detail the concept of these keys and ssh as I was planning to use them in ftp related scripts..! Thanks in... (1 Reply)
Discussion started by: rahul125
1 Replies

6. Solaris

Public private key setup issue in Solaris 10

Hi i am using solaris 10.I am trying to setup a public/private key but it is not working.Appreciate your repsonse on it There are two servers DB1 server and DB2 server. 1)I have generated public/private key using below step on both servers. ssh-keygen -t rsa 2)From DB1 server moved the... (6 Replies)
Discussion started by: muraliinfy04
6 Replies

7. UNIX for Dummies Questions & Answers

Public and Private Key generation for scp

Hi, What tool is used to generate public and private keys for SCP? Do you have an example script that generates these keys, puts them in files and then another example script that references them from SCP? Thanks, (9 Replies)
Discussion started by: Astrocloud
9 Replies

8. Shell Programming and Scripting

Rsa public private key matching

Hi All, I have a requirement where i need to check if an rsa public key corresponds to a private key and hence return success or failure. Currently i am using the command diff <( ssh-keygen -y -e -f "$PRIVKEY" ) <( ssh-keygen -y -e -f "$PUBLICKEY" ) and its solving my purpose. This is in... (1 Reply)
Discussion started by: mritusmoi
1 Replies

9. UNIX for Advanced & Expert Users

Private and public key encryption

Hi, we have private and public key, encrypt file using public and want to decrypt using private key. can you please advise below commands are correct or other remedy if unix have? encrypt -a arcfour -k publickey.asc -i TESTFILE.csv -o TESTFILE00.csv decrypt -a arcfour -k privatekey.asc... (2 Replies)
Discussion started by: rizwan.shaukat
2 Replies

10. UNIX for Advanced & Expert Users

Ssh public/private key user login problem

I have a user account configuration with ssh public/private key that works on multiple servers centos and rhel. One server (Server F) that is not working in centos 6.8. When i ssh into server f I get prompted for a password. I have verified the config and it all is good. I put sshd into debug... (8 Replies)
Discussion started by: bash_in_my_head
8 Replies

LEARN ABOUT CENTOS

amcrypt-ossl-asym

AMCRYPT-OSSL-ASYM(8)					  System Administration Commands				      AMCRYPT-OSSL-ASYM(8)

NAME

       amcrypt-ossl-asym - crypt program for Amanda asymmetric data encryption using OpenSSL

SYNOPSIS

       amcrypt-ossl-asym [-d]

DESCRIPTION

       amcrypt-ossl-asym uses OpenSSL to encrypt and decrypt data. OpenSSL is available from www.openssl.org. OpenSSL offers a wide variety of
       cipher choices ( amcrypt-ossl-asym defaults to 256-bit AES) and can use hardware cryptographic accelerators on several platforms.

       amcrypt-ossl-asym will search for the OpenSSL program in the following directories:
       /bin:/usr/bin:/usr/local/bin:/usr/ssl/bin:/usr/local/ssl/bin.

GENERATING PUBLIC AND PRIVATE KEYS

       RSA keys can be generated with the standard OpenSSL commands, e.g.:
       $ cd /var/lib/amanda
       $ openssl genrsa -aes128 -out backup-privkey.pem 1024
       Generating RSA private key, 1024 bit long modulus
       [...]
       Enter pass phrase for backup-privkey.pem: ENTER YOUR PASS PHRASE
       Verifying - Enter pass phrase for backup-key.pem: ENTER YOUR PASS PHRASE

       $ openssl rsa -in backup-privkey.pem -pubout -out backup-pubkey.pem
       Enter pass phrase for backup-privkey.pem: ENTER YOUR PASS PHRASE
       Writing RSA key

       To generate a private key without a passphrase, omit the -aes128 option. See openssl_genrsa(1) for more key generation options.

       Note that it is always possible to generate the public key from the private key.

KEY AND PASSPHRASE MANAGEMENT

       amcrypt-ossl-asym uses the public key to encrypt data. The security of the data does not depend on the confidentiality of the public key.
       The private key is used to decrypt data, and must be protected. Encrypted backup data cannot be recovered without the private key. The
       private key may optionally be encrypted with a passphrase.

       While the public key must be online at all times to perorm backups, the private key and optional passphrase are only needed to restore
       data. It is recommended that the latter be stored offline all other times. For example, you could keep the private key on removable media,
       and copy it into place for a restore; or you could keep the private key online, encrypted with a passphrase that is present only for a
       restore.

       OpenSSL's key derivation routines use a salt to guard against dictionary attacks on the pass phrase; still it is important to pick a pass
       phrase that is hard to guess. The Diceware method (see www.diceware.com) can be used to create passphrases that are difficult to guess and
       easy to remember.

FILES

       /var/lib/amanda/backup-privkey.pem
	   File containing the RSA private key. It should not be readable by any user other than the Amanda user.

       /var/lib/amanda/backup-pubkey.pem
	   File containing the RSA public key.

       /var/lib/amanda/.am_passphrase
	   File containing the passphrase. It should not be readable by any user other than the Amanda user.

SEE ALSO

       amanda(8), amanda.conf(5), openssl(1), amcrypt-ossl(8)

       The Amanda Wiki: : http://wiki.zmanda.com/

AUTHOR

       Kevin Till <kevin.till@zmanda.com>
	   Zmanda, Inc. (http://www.zmanda.com)

NOTES

	1. www.openssl.org
	   http://www.openssl.org/

	2. www.diceware.com
	   http://www.diceware.com/

Amanda 3.3.3							    01/10/2013						      AMCRYPT-OSSL-ASYM(8)
All times are GMT -4. The time now is 06:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy