centerclick / feedback

Issues, Bug Reports, and Feature Requests

Detect encrypted private key and prompt for decryption password when enabling https #33

Open srob1 opened 2 years ago

srob1 commented 2 years ago

It would be nice if when enabling https the box could detect that the private key file is encrypted and prompt for the password to decrypt it.

It's not very secure to have an unencrypted private key lying around.

All my private keys are 256-bit AES encrypted during key generation and are never stored on disk unencrypted.

So in order to upload the unencrypted key to the NTP200 each time I need to enable https I have to decrypt the key temporarily which I would like to avoid.

This will do the trick:

openssl rsa -in encrypted_key.pem -passin pass:password -out unencrypted_key.pem

where password is the password entered by the user when prompted.

srob1 commented 2 years ago

In case it's helpful, the following will test whether or not a key file is encrypted:

if ssh-keygen -y -P "" -f "$path_to_keyfile" >/dev/null 2>&1; then echo "unprotected"; else echo "protected"; fi

and could be used to test whether to prompt for a password and unencrypt a key before using it.

Note: ssh-keygen will warn and refuse to function unless the key file permissions restrict access to the user. Unfortunately, there is no option to suppress this check.
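As an added example (not code from the original issue or from the centerclick project), here is a POSIX shell sketch of the flow the two comments describe: detect from the PEM headers whether a key is encrypted, and only then decrypt it with openssl, letting openssl prompt for the pass phrase on the terminal instead of passing it with `-passin pass:`. The function names and the header-based check are my assumptions; the demo file at the end is a constructed header with no real key material.

```shell
#!/bin/sh
# Added example, not part of the original issue: classify a PEM private key from its
# headers, and decrypt only when it is actually encrypted, prompting on the terminal.

# Prints "encrypted", "plaintext" or "unknown" for the key file in $1.
# Covers PKCS#8 (BEGIN ENCRYPTED PRIVATE KEY) and legacy PEM (Proc-Type: 4,ENCRYPTED).
# OpenSSH-format keys carry the cipher name inside the base64 body, so they fall
# through to "unknown"; probe those with ssh-keygen as in the comment above.
key_encryption_state() {
  if grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
    echo encrypted
  elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
    echo encrypted
  elif grep -Eq '^-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----' "$1"; then
    echo plaintext
  else
    echo unknown
  fi
}

# Decrypts $1 into a 0600 temp file and prints its path. openssl prompts for the
# pass phrase on the tty, so the password never appears on the command line or in
# the process list. The caller removes the file as soon as the upload is done.
decrypt_key_to_tmpfile() {
  tmp=$(mktemp) || return 1
  chmod 600 "$tmp"
  if ! openssl pkey -in "$1" -out "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  echo "$tmp"
}

# Prints the path of a plaintext key ready for upload, decrypting only if needed.
prepare_key_for_upload() {
  case "$(key_encryption_state "$1")" in
    encrypted) decrypt_key_to_tmpfile "$1" ;;
    plaintext) echo "$1" ;;
    *) echo "unrecognized key format: $1" >&2; return 1 ;;
  esac
}

# Demo on a constructed file carrying only the PKCS#8 encrypted-key header (no key material).
demo=$(mktemp)
printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'constructed-sample' \
  '-----END ENCRYPTED PRIVATE KEY-----' > "$demo"
echo "sample key state: $(key_encryption_state "$demo")"   # prints: encrypted
rm -f "$demo"
```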