Create an SSH Key

Create a key called foobar:

ssh-keygen -t rsa -b 4096

View the Key Material

View the private key material:

openssl rsa -text -noout -in foobar

# RSA Private-Key: (4096 bit, 2 primes)

# modulus: <octets>

# publicExponent: 65537 (0x10001)

# privateExponent: <octets>

# prime1: <octets>

# prime2: <octets>

# exponent1: <octets>

# exponent2: <octets>

# coefficient: <octets>

Export public key from private key:

openssl rsa -in foobar -pubout > foobar.pub

# writing RSA key

View public key:

openssl rsa -text -noout -pubin -in foobar.pub

# RSA Public-Key: (4096 bit)

# Modulus: <octets>

# Exponent: 65537 (0x10001)

Create SSH Public Key From An existing Private Key

ssh-keygen -y -f foobar > ./foobar.new.pub

Use ssh-keygen to read a private cert:

ssh-keygen -l -f ./foobar

# 4096 SHA256:w6JCjrrkZUt1XdCENaOA8SUAKXFfDJZDd9CqbpJSuwM no comment (RSA)

Helpful openssl man pages

It turns out that once we get over our anxiety, the openssl tool is actually pretty easy to learn:

• ec
• rsa
• pkey
• x509
• verify
• s_client

It's also a giant ball of mud, but life is hard.