~/christopher.loessl

Improving the security of your SSH private key files — Martin Kleppmann’s blog

Read this great article:

Improving the security of your SSH private key files — Martin Kleppmann’s blog.

For my own convenience I just put all the important commands together but won’t explain anything. Again: Go and read the article.

Reading “normal” ASN.1 key (RSA and DSA without passphrase):

openssl asn1parse -in test_rsa_key

Reading passphrase protected RSA key:

openssl rsa -text -in test_rsa_key

Update the key from MD5 hashing to PKCS#8:

mv key key.old
openssl pkcs8 -topk8 -v2 des3 -in key.old -out key
chmod 600 key # IMPORTANT !

The key is now back to ASN.1 structure so you can read it with:

openssl asn1parse -in test_rsa_key

Test the new key. If it works, just remove the old one. If it doesn’t, you still have your old key.

Done.
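
To see which key files still need the conversion above, the PEM header alone tells the traditional format apart from PKCS#8. This is an added example, not from this post or the linked article; the function names `key_format` and `needs_upgrade` are hypothetical, and the sample files are constructed headers without key material.

```shell
#!/bin/sh
# Classify a private key file by its PEM armor. Prints one of:
# legacy-encrypted, legacy-plain, pkcs8-encrypted, pkcs8-plain, openssh, unknown
key_format() {
    first=$(sed -n '1p' "$1" | tr -d '\r')
    case "$first" in
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8-plain ;;
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Traditional format: encryption is announced by a Proc-Type header
            # right after the BEGIN line; without it the key has no passphrase.
            if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
                echo legacy-encrypted
            else
                echo legacy-plain
            fi ;;
        *) echo unknown ;;
    esac
}

# List the files directly under directory $1 that are still in the
# traditional format (candidates for the openssl pkcs8 -topk8 step).
needs_upgrade() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(key_format "$f")" in
            legacy-*) echo "$f" ;;
        esac
    done
}

# Constructed sample files: PEM armor only, no real key material.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-128-CBC,00000000000000000000000000000000' > "$demo/old_key"
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' > "$demo/new_key"
needs_upgrade "$demo"   # lists only old_key
rm -rf "$demo"
```

Point `needs_upgrade` at `~/.ssh` to list the keys that have not been converted yet.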