
SSL Public key/Private question

#1 - 06-03-2009 - tical00

Hi everyone,
I have a quick/newb question:

I know that a public key is used to encrypt data and a private key is used to decrypt data but who keeps the public/private keys??

Does the Web Server hold both?
Does the Web Server have the public key and does the client have the private key?
Does the Client have both?

When I create a key using the openssl command (e.g. openssl genrsa -des3 -out server.key 4096) is that the private or public key??

Please help, thanks.

#2 - 06-03-2009 - cbkihong (Forum Advisor)
I assume you are referring to the general case as in HTTPS. It has been quite a few years since I studied public key cryptography; let's hope I did not get anything wrong here.

The web server must have the private key. The key file itself must be physically stored on the server, but you may set it up encrypted by a passphrase so that Apache asks you for the passphrase every time it starts, or else you do so without encrypting the key file (insecure).

I don't think the HTTPS client needs a private key.

The openssl command you mentioned simply generates a key. Normally a private key, but that alone is not quite useful because keys normally go in pairs and cryptographically you should not be able to easily compute the other key in the pair with one key alone. Therefore, you will normally generate both at the same time rather than generate a single key (as with "openssl req").

#3 - 06-04-2009 - tical00
Thanks for the reply.

So you're saying that the certificate is actually the public key?

#4 - 06-04-2009 - robsonde
Start by generating a private key.

Code:
openssl genrsa -out x.key 1024

Then use that private key to generate your request to the CA.

Code:
openssl req -new -key x.key -out request.pem

Then you send the request.pem to the CA.
They will return a signed certificate.

The x.key file is both the public key and the private key.
The signed cert is just the public key with a signed blob of crypto stuff.

Last edited by robsonde; 06-04-2009 at 02:01 AM..
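
The file relationships discussed in this thread, as an added example that is not part of any post: the script builds a key, a request and a certificate, then shows that all three carry the same public key while only x.key holds the private half. The 2048-bit size, the x.pub and x.crt names, the subject name and the self-signing step (standing in for the CA) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. x.key and request.pem follow the posts;
# x.pub, x.crt, the subject name and the 2048-bit size are assumptions.
# Self-signing stands in for the CA, which would normally sign request.pem.

make_files() {  # $1 = working directory
    ( cd "$1" &&
      umask 077 &&   # the private key must not be readable by other users
      openssl genrsa -out x.key 2048 2>/dev/null &&
      openssl rsa -in x.key -pubout -out x.pub 2>/dev/null &&
      openssl req -new -key x.key -subj "/CN=www.example.test" -out request.pem &&
      openssl x509 -req -in request.pem -signkey x.key -days 1 -out x.crt 2>/dev/null )
}

# SHA-256 of the public key carried by each kind of file, for easy comparison.
digest()        { openssl sha256 -r | cut -d' ' -f1; }
pub_from_key()  { openssl pkey -in "$1" -pubout        | digest; }
pub_from_csr()  { openssl req  -in "$1" -noout -pubkey | digest; }
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey | digest; }

# Succeeds only if the file contains a private key openssl can load.
has_private_key() { openssl pkey -in "$1" -noout 2>/dev/null; }

dir=$(mktemp -d) && make_files "$dir" || exit 1

echo "public key digest in x.key:       $(pub_from_key  "$dir/x.key")"
echo "public key digest in request.pem: $(pub_from_csr  "$dir/request.pem")"
echo "public key digest in x.crt:       $(pub_from_cert "$dir/x.crt")"

for f in x.key x.pub request.pem x.crt; do
    if has_private_key "$dir/$f"; then
        echo "$f: contains the private key (stays on the server)"
    else
        echo "$f: public material only (safe to hand out)"
    fi
done

rm -rf "$dir"
```

The same digest comparison is a quick way to confirm that a certificate returned by a CA belongs to the key file already on the server.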