Public key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair): one “private” and the other “public”. The private key is kept secret and stored on the computer you use to connect to the remote system.
Each private key has a corresponding public key. Generally, the public key can be easily derived from the private key, but deriving the private key from the public key is computationally infeasible.
In this post, we will share how to create a private key in two ways.
Understanding Public Key and Private Key
- The public key is published for all the world to see. Public keys are created using a complex asymmetric algorithm that pairs them with an associated private key.
- The private key is a secret key known only to its owner. The two keys are paired so that a message encrypted with the public key can be decrypted only with the corresponding private key, allowing the recipient to read the original message. Private keys are generated by the same algorithms that create public keys, producing strong keys that are bound together mathematically.
Public key cryptography provides the basis for securely sending and receiving messages with anyone whose public key you can access.
Public keys enable you to:
- Encrypt a message to another user on the system
- Verify a signature made with that user’s private key
Private keys enable you to:
- Decrypt a message encrypted with your public key
- Sign your message with your private key so that the recipients know the message could only have come from you
Understanding Key Pairs
Public keys and private keys come in pairs. The pair is called a key pair. The basic idea of a public key cryptosystem is that the public key can be easily derived from the private key, but the private key cannot be practically derived from the public key.
Deriving the private key from the public key is theoretically possible, but the computation would be so complex that it would take millions of years with current computers, or would consume more energy than will be released by our sun during its lifetime.
To create the digital identity, the public and private key are both generated, and the pair is associated with each other using a strong public key cryptography algorithm. The most common mathematical algorithms used to generate SSH keys are Rivest–Shamir–Adleman (RSA) and the Elliptic Curve Digital Signature Algorithm (ECDSA).
Create private key with ssh-keygen in Linux
The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store the keys. Here’s an example that also specifies the key type, key size and output format:
ssh-keygen -t rsa -b 2048 -m PEM
First, the tool asks where to save the file. SSH keys for user authentication are usually stored in the user’s .ssh directory under the home directory. However, in enterprise environments, the location is often different. The default key file name depends on the algorithm, in this case id_rsa when using the default RSA algorithm. It could also be, for example, id_dsa or id_ecdsa. To choose the location explicitly, pass -f:
ssh-keygen -f /keyfilepath -t rsa -b 2048 -m PEM
Create private key with OpenSSL in Linux
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol, formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based on a full-strength general-purpose cryptographic library, which can also be used stand-alone.
openssl genrsa -out private-key-ssl.pem 2048
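As an added example (not code from the original post), the following script runs the openssl command above non-interactively, derives the public key from the private key (the cheap direction described earlier), and then performs the checks a practitioner would want before trusting the files: the private key is 0600, it passes OpenSSL's own consistency check, and the public and private key share one modulus. It assumes openssl is installed and takes the output directory and bit length as parameters.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl is on PATH.
# Usage: gen_and_verify_rsa <output-dir> [bits]   (bits defaults to 2048)
set -eu

gen_and_verify_rsa() {
    dir="$1"
    bits="${2:-2048}"
    mkdir -p "$dir"

    # The private key must never be group/world readable. Setting umask 077
    # before generation means the file is 0600 from the moment it exists,
    # with no window between creation and a later chmod.
    umask 077
    # Same command as the post, with the bit length as a parameter.
    openssl genrsa -out "$dir/private-key-ssl.pem" "$bits"

    # The public key is derived from the private key; it may be world readable.
    umask 022
    openssl rsa -in "$dir/private-key-ssl.pem" -pubout -out "$dir/public-key-ssl.pem"

    # Check 1: private key file mode is exactly 0600 (find prints the path on match).
    [ -n "$(find "$dir/private-key-ssl.pem" -perm 600)" ] \
        || { echo "private key permissions are too open" >&2; return 1; }

    # Check 2: OpenSSL's internal consistency check on the private key components.
    openssl rsa -in "$dir/private-key-ssl.pem" -check -noout >/dev/null \
        || { echo "private key failed consistency check" >&2; return 1; }

    # Check 3: the modulus of both files must agree, proving they form one pair.
    priv_mod=$(openssl rsa -in "$dir/private-key-ssl.pem" -noout -modulus)
    pub_mod=$(openssl rsa -pubin -in "$dir/public-key-ssl.pem" -noout -modulus)
    [ "$priv_mod" = "$pub_mod" ] \
        || { echo "public key does not match private key" >&2; return 1; }

    echo "OK: $dir/private-key-ssl.pem (0600) and $dir/public-key-ssl.pem form one key pair"
}
```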