Public-key authentication relies on asymmetric cryptographic algorithms that generate a pair of separate keys (a key pair), one “private” and the other “public”. The private key is kept secret and stored on the computer you use to connect to the remote system.
Each private key has a corresponding public key. Generally, the public key can be easily derived from the private key, but deriving the private key from the public key is computationally infeasible.
Understanding Public Key and Private Key
The public key is published for all the world to see. Public keys are created using a complex asymmetric algorithm to pair them with an associated private key.
The private key is a secret key known only to its owner. The private key and public key are paired such that the recipient can use the corresponding key to decrypt the ciphertext and read the original message. Private keys are generated using the same algorithms that create public keys, producing strong keys that are bound together mathematically.
Understanding Key Pairs
Public keys and private keys come in pairs. The pair is called a key pair. The basic idea of a public key cryptosystem is that the public key can be easily derived from the private key, but the private key cannot be practically derived from the public key.
Generally, deriving the private key would be theoretically possible, but the computation would be so complex that it would take millions of years with current computers, or would consume more energy than will be released by our sun during its lifetime.
To create the digital identity, the public and private key are both generated, and the pair is associated with each other using a strong public key cryptography algorithm. The most common mathematical algorithms used to generate SSH keys are Rivest–Shamir–Adleman (RSA) and Elliptic Curve Digital Signature Algorithm (ECDSA).
Get the public key from the private key with ssh-keygen
To get a usable public key for SSH purposes, use ssh-keygen:
ssh-keygen -y -f privatekey.pem > key.pub
- -y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
- -f filename Specifies the filename of the key file.
Extract the public key from the private key with OpenSSL
OpenSSL is a robust, commercial-grade, full-featured Open Source Toolkit for the Transport Layer Security (TLS) protocol formerly known as the Secure Sockets Layer (SSL) protocol. The protocol implementation is based on a full-strength general-purpose cryptographic library, which can also be used stand-alone.
openssl rsa -in privatekey.pem -pubout > key.pub
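
A round-trip check that ties the two commands above together, added here as an example and not part of the original page: it generates a disposable RSA key, derives the public key with both tools, and confirms they agree. The function names and the throwaway key are constructed for illustration; the conversion step (ssh-keygen -i -m PKCS8) is needed because OpenSSL writes a PEM public key, not the one-line OpenSSH format.

```shell
#!/bin/sh
# Added example with constructed data: a throwaway RSA key is generated in a
# temp directory; the function names below are hypothetical.
umask 077   # files created here (the private key) are owner-only

# Keep "type base64" of an OpenSSH public key line, dropping any comment.
key_body() { awk 'NR == 1 { print $1, $2 }'; }

# Route 1 (ssh-keygen -y): OpenSSH-format public key from the private key.
derive_with_ssh_keygen() { ssh-keygen -y -f "$1" | key_body; }

# Route 2 (openssl rsa -pubout) writes a PEM "BEGIN PUBLIC KEY" block, which
# is not the one-line form used in authorized_keys. ssh-keygen -i -m PKCS8
# converts that PEM block to the OpenSSH form.
derive_with_openssl() {
    pem=$(mktemp) || return 1
    openssl rsa -in "$1" -pubout -out "$pem" 2>/dev/null &&
        ssh-keygen -i -m PKCS8 -f "$pem" | key_body
    rc=$?
    rm -f "$pem"
    return "$rc"
}

# First line of OpenSSL's raw output, to show which format it really is.
openssl_pub_header() { openssl rsa -in "$1" -pubout 2>/dev/null | head -n 1; }

# Generate a disposable key and confirm both routes yield the same public key.
roundtrip_matches() {
    dir=$(mktemp -d) || return 1
    key="$dir/privatekey.pem"
    openssl genrsa -out "$key" 2048 2>/dev/null
    a=$(derive_with_ssh_keygen "$key")
    b=$(derive_with_openssl "$key")
    rm -rf "$dir"
    [ -n "$a" ] && [ "$a" = "$b" ]
}

if roundtrip_matches; then
    echo "ssh-keygen and OpenSSL derive the same public key"
else
    echo "mismatch, or ssh-keygen/openssl not available" >&2
fi
```

The same comparison works against an existing key pair: if the derived value differs from the .pub file you have deployed, that file does not belong to the private key.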