I have created a public/private key pair with this command:
ssh-keygen -t rsa -b 4096 -f my-trusted-key -C "Just a public/private key"
I can open the private key file and I see:
$ cat my-trusted-key -----BEGIN OPENSSH PRIVATE KEY----- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAACFwAAAAdzc2gtcn etc
but when I run the following command:
$ openssl rsa -in my-trusted-key -text -inform PEM -noout
I get the following error
unable to load Private Key 4506685036:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/AppleInternal/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-47.140.1/libressl-2.8/crypto/pem/pem_lib.c:684:Expecting: ANY PRIVATE KEY
what is the issue here and it fails?
Update
After the comment from @garethTheRed I created a private key using openssl as follows:
$ openssl genrsa -out anotherkey.key 2048
and I can see:
$ cat anotherkey.key -----BEGIN RSA PRIVATE KEY----- MIIEogIBAAKCAQEAuc3m0tXo8UQvF8CJi9Cy7580WxfKvFHYZ3F06Uh19s9c51R/
and now the command works i.e.
openssl rsa -in anotherkey.key -text -inform PEM -noout
Private-Key: (2048 bit) modulus: 00:b9:cd:e6:d2:d5:e8:f1:44:2f:17:c0:89:8b:d0: b2:ef:9f:34:5b:17:ca:bc:51:d8:67:71:74:e9:48
but I don't understand the difference. Both files are PEM format, both when viewed using cat
show the same format.
So why the pem generated by ssh-keygen
is rejected?
ssh-keygen
generates an SSH key, whileopenssl rsa
doesn't read SSH keys - it can read PKCS#1 or PKCS#8.openssl
then how can I do the exact equivalent with another tool?