How to check consistency of an EC or RSA private key

Check the consistency of an EC or RSA private key.

Check the consistency of an unencrypted RSA private key.

$ openssl rsa -in rsa_key_dec.pem -noout -check
RSA key ok

Check the consistency of an encrypted RSA private key.

$ openssl rsa -in rsa_key_enc.pem -passin pass:keypass -noout -check
RSA key ok

Check the consistency of an unencrypted EC private key.

$ openssl ec -in ec_key_dec.pem -noout -check
read EC key
EC Key valid.

Check the consistency of an encrypted EC private key.

$ openssl ec -in ec_key_enc.pem -aes256 -passin pass:keypass -noout -check
read EC key
EC Key valid.

You will get an error if something is wrong.

$ openssl ec -in ec_key_enc_err.pem -aes256 -passin pass:keypass -noout -check
read EC key
unable to load Key
140493977212288:error:09091064:PEM routines:PEM_read_bio_ex:bad base64 decode:../crypto/pem/pem_lib.c:943:

You can use the exit code to detect a problem.

$ echo $?
1

The same goes for an incorrect password.

$ openssl rsa -in rsa_key_enc.pem -passin pass:wrongkeypass -noout -check
unable to load Private Key
140635927500160:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:../crypto/evp/evp_enc.c:610:
140635927500160:error:0906A065:PEM routines:PEM_do_header:bad decrypt:../crypto/pem/pem_lib.c:461:
$ echo $?
1
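
The checks above, wrapped as a shell function for use in scripts. This is an added example, not part of the original page; the function name check_private_key and the KEY_PASS variable are assumptions. It accepts a key only when openssl exits with 0 and prints the success line shown above, and it passes the passphrase with -passin env: instead of pass: so the secret does not appear in the process list or shell history.

```shell
#!/bin/sh
# Added example (not from the original page). check_private_key and KEY_PASS
# are names chosen for this sketch.
#
# Usage: export KEY_PASS=... (only for encrypted keys), then
#        check_private_key key.pem
# Prints "rsa" or "ec" and returns 0 when the key loads and passes -check.
# Returns 1 otherwise: unreadable file, damaged PEM, wrong passphrase,
# or a key that fails the consistency check.
check_private_key() {
    key_file=$1
    [ -r "$key_file" ] || return 1

    for alg in rsa ec; do
        # Success lines exactly as printed in the sessions above.
        case $alg in
            rsa) ok_line='RSA key ok' ;;
            ec)  ok_line='EC Key valid.' ;;
        esac

        # env:KEY_PASS keeps the passphrase off the command line. The variable
        # is handed to openssl as empty when unset, so an encrypted key fails
        # to load instead of triggering an interactive prompt.
        # 2>&1 is needed because the EC success line goes to stderr.
        if out=$(KEY_PASS="${KEY_PASS-}" openssl "$alg" -in "$key_file" \
                    -passin env:KEY_PASS -noout -check 2>&1) &&
           printf '%s\n' "$out" | grep -qxF "$ok_line"; then
            echo "$alg"
            return 0
        fi
    done
    return 1
}
```
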