SSH private / public key pair & self-signed certificate.
One of the most common forms of cryptography today is public-key cryptography. It lets two systems communicate securely: information is encrypted using the public key and can be decrypted using the private key. These keys are mainly used to log in to servers securely and to transfer data securely.
We can generate these private and public keys in various ways.
1) By using openssl.
openssl genrsa -out mykey.pem 1024
With password encryption:
openssl genrsa -des3 -out mykey.pem 1024
1024 is the key size in bits; a larger value means a more secure key.
Generate public key:
openssl rsa -in mykey.pem -pubout > publickey.pub
Now mykey.pem is the private key and publickey.pub is the public key.
2) By using ssh-keygen.
ssh-keygen -t rsa
ssh-keygen -t rsa -b 2048
-b gives the key size in bits.
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): (give a new path or hit the enter key)
Enter passphrase (empty for no passphrase): [Press enter key]
Enter same passphrase again: [Press enter key]
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
3) Using PuTTYgen for Windows.
Download PuTTYgen from http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html and run it.
You can select one of the key types, SSH-1, SSH-2, and SSH-2 DSA.
SSH-2 is probably better than the others, but make sure your system supports SSH-2; if your system (server) doesn't support it, you are better off with SSH-1.
The level of encryption can be set from “Number of bits in a generated key”. The security level can be enhanced by using 2048, but again consider where you are using the key and follow the recommendation for this value. I prefer 2048, but even 1024 is much more secure.
Click on Generate to create the keys. Move your mouse over the empty space to help PuTTYgen generate random data.
Once the key is generated you will see the following window.
If you want to log in without a password (in the case of SSH login) you can leave your passphrase empty. Click on Save public key and Save private key to save your keys.
When you save the private key it will be saved in ppk format, which PuTTY can use to log in to your system.
We can get a private key for OpenSSH by clicking on Conversions->Export OpenSSH key.
If you want to use ssh to log in with this generated key pair, then copy the public key (mykey.pub) to .ssh/authorized_keys.
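The install step above, as an added example that is not part of the original post: a shell function (install_pubkey is a hypothetical name) that appends a public key to authorized_keys with the permissions sshd expects, and refuses the PEM-format publickey.pub written by openssl rsa -pubout, because authorized_keys takes OpenSSH one-line keys. The sample key in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example: install an OpenSSH-format public key into authorized_keys.
# install_pubkey and its two arguments are hypothetical names for this sketch.

install_pubkey() {
    pubfile=$1                       # public key file to install
    sshdir=${2:-"$HOME/.ssh"}        # target .ssh directory
    authfile="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 2; }

    # openssl -pubout writes PEM ("-----BEGIN PUBLIC KEY-----"), which sshd
    # cannot parse as an authorized_keys entry.
    if grep -q '^-----BEGIN' "$pubfile"; then
        echo "$pubfile is PEM; derive an OpenSSH key first, e.g.:" >&2
        echo "  ssh-keygen -y -f mykey.pem > mykey.pub" >&2
        return 3
    fi

    # Expect one line of the form "<key-type> <base64-blob> [comment]".
    keyline=$(grep -E '^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)' "$pubfile" | head -n 1)
    [ -n "$keyline" ] || { echo "no OpenSSH public key in $pubfile" >&2; return 4; }

    # With StrictModes, sshd rejects keys if these are writable by other users.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 5
    touch "$authfile" && chmod 600 "$authfile" || return 5

    # Append only if the exact line is absent, so reruns do not duplicate it.
    grep -qxF "$keyline" "$authfile" || printf '%s\n' "$keyline" >> "$authfile"
}

# Demo on constructed input (not a real key), in a throwaway directory.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructed user@example' > "$demo/mykey.pub"
install_pubkey "$demo/mykey.pub" "$demo/.ssh" && cat "$demo/.ssh/authorized_keys"
```

For a key made with openssl genrsa, ssh-keygen -y -f mykey.pem prints the matching OpenSSH public key; ssh-keygen -i -m PKCS8 -f publickey.pub converts the PEM public key directly.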
Generating a self-signed certificate:
openssl req -new -x509 -key mykey.pem -out certificate.cer -days 1825
Enter PEM pass phrase: - type your passphrase here.
You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) []:< country short code>
State or Province Name (full name) []:<state>
Locality Name (eg, city) []:<city name>
Organization Name (eg, company) []:<organization name>
Organizational Unit Name (eg, section) []:
Common Name (eg, your websites domain name) []:<host name >
Email Address []:<youremail@email.com>