Openssl Generate Key Pair Without Passphrase

Posted on by
Openssl Generate Key Pair Without Passphrase Average ratng: 3,6/5 3187 votes

On Windows, you can create SSH keys in many ways. This document explains how to use two SSH applications, PuTTY and Git Bash.

Joyent recommends RSA keys because the node-manta CLI programs work with RSA keys both locally and with the ssh agent. DSA keys will work only if the private key is on the same system as the CLI, and not password-protected.

Jan 31, 2010 Use your key to create your ‘Certificate Signing Request’ - and leave the passwords blank to create a testing ‘no password’ certificate openssl req -new -key server.key -out server.csr Output. This will fire up OpenSSL, instruct it to generate a certificate signing request, and let it know to use a key we are going to specify – the one we just created, in fact. Note that a certificate signing request always has a file name ending in.csr. I am using the following command in order to generate a CSR together with a private key by using OpenSSL: openssl req -new -subj '/CN=sample.myhost.com' -out newcsr.csr -nodes -sha512.

PuTTY

PuTTY is an SSH client for Windows. You can use PuTTY to generate SSH keys. PuTTY is a free open-source terminal emulator that functions much like the Terminal application in macOS in a Windows environment. This section shows you how to manually generate and upload an SSH key when working with PuTTY in the Windows environment.

About PuTTY

PuTTY is an SSH client for Windows that you will use to generate your SSH keys. You can download PuTTY from www.chiark.greenend.org.uk.

When you install the PuTTY client, you also install the PuTTYgen utility. PuTTYgen is what you will use to generate your SSH key for a Windows VM.

This page gives you basic information about using PuTTY and PuTTYgen to log in to your provisioned machine. For more information on PuTTY, see the PuTTY documentation

Generating an SSH key

To generate an SSH key with PuTTYgen, follow these steps:

  1. Open the PuTTYgen program.
  2. For Type of key to generate, select SSH-2 RSA.
  3. Click the Generate button.
  4. Move your mouse in the area below the progress bar. When the progress bar is full, PuTTYgen generates your key pair.
  5. Type a passphrase in the Key passphrase field. Type the same passphrase in the Confirm passphrase field. You can use a key without a passphrase, but this is not recommended.
  6. Click the Save private key button to save the private key. You must save the private key. You will need it to connect to your machine.
  7. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All.
  8. Right-click again in the same text field and choose Copy.

Importing your SSH key

Now you must import the copied SSH key to the portal.

  1. After you copy the SSH key to the clipboard, return to your account page.
  2. Choose to Import Public Key and paste your SSH key into the Public Key field.
  3. In the Key Name field, provide a name for the key. Note: although providing a key name is optional, it is a best practice for ease of managing multiple SSH keys.
  4. Add the key. It will now appear in your table of keys under SSH.

PuTTY and OpenSSH use different formats of public SSH keys. If the text you pasted in the SSH Key starts with —— BEGIN SSH2 PUBLIC KEY, it is in the wrong format. Be sure to follow the instructions carefully. Your key should start with ssh-rsa AAAA….

Once you upload your SSH key to the portal, you can connect to your virtual machine from Windows through a PuTTY session.

Git Bash

The Git installation package comes with SSH. Using Git Bash, which is the Git command line tool, you can generate SSH key pairs. Git Bash has an SSH client that enables you to connect to and interact with Triton containers on Windows.

To install Git:

  1. (Download and initiate the Git installer](https://git-scm.com/download/win).
  2. When prompted, accept the default components by clicking Next.
  3. Choose the default text editor. If you have Notepad++ installed, select Notepad++ and click Next.
  4. Select to Use Git from the Windows Command Prompt and click Next.
  5. Select to Use OpenSSL library and click Next.
  6. Select to Checkout Windows-style, commit Unix-style line endings and click Next.
  7. Select to Use MinTTY (The default terminal of mYSYS2) and click Next.
  8. Accept the default extra option configuration by clicking Install.

When the installation completes, you may need to restart Windows.

Launching GitBash

To open Git Bash, we recommend launching the application from the Windows command prompt:

  1. In Windows, press Start+R to launch the Run dialog.
  2. Type C:Program FilesGitbinbash.exe and press Enter.

Generating SSH keys

First, create the SSH directory and then generate the SSH key pair.

One assumption is that the Windows profile you are using is set up with administrative privileges. Given this, you will be creating the SSH directory at the root of your profile, for example:

  1. At the Git Bash command line, change into your root directory and type.

  1. Change into the .ssh directory C:Usersjoetest.ssh

  2. To create the keys, type:
  1. When prompted for a password, type apassword to complete the process. When finished, the output looks similar to:

Uploading an SSH key

To upload the public SSH key to your Triton account:

  1. Open Triton Service portal, select Account to open the Account Summary page.
  2. From the SSH section, select Import Public Key.
  3. Enter a Key Name. Although naming a key is optional, labels are a best practice for managing multiple SSH keys.
  4. Add your public SSH key.

When Triton finishes the adding or uploading process, the public SSH key appears in the list of SSH keys.

What are my next steps?

  • Adding SSH keys to agent.
  • Set up the Triton CLI and CloudAPI on Windows.
  • Set up the Triton CLI and CloudAPI.
  • Create an instance in the Triton Service Portal.
  • Set up the triton-docker command line tool.
  • Visit PuTTYgen to learn more about the PuTTYgen and to seethe complete installation and usage guide.

Previous: The quick key manipulation interface, Up: Unattended Usage of GPG [Contents][Index]

Openssl Generate Key Pair Without Passphrase Download

4.5.4 Unattended key generation

The command --generate-key may be used along with the option--batch for unattended key generation. This is the mostflexible way of generating keys, but it is also the most complex one.Consider using the quick key manipulation interface described in theprevious subsection “The quick key manipulation interface”.

The parameters for the key are either read from stdin or given as afile on the command line. The format of the parameter file is asfollows:

  • Text only, line length is limited to about 1000 characters.
  • UTF-8 encoding must be used to specify non-ASCII characters.
  • Empty lines are ignored.
  • Leading and trailing white space is ignored.
  • A hash sign as the first non white space character indicates a comment line.
  • Control statements are indicated by a leading percent sign, the arguments are separated by white space from the keyword.
  • Parameters are specified by a keyword, followed by a colon. Arguments are separated by white space.
  • The first parameter must be ‘Key-Type’; control statements may be placed anywhere.
  • The order of the parameters does not matter except for ‘Key-Type’ which must be the first parameter. The parameters are only used for the generated keyblock (primary and subkeys); parameters from previous sets are not used. Some syntactically checks may be performed.
  • Key generation takes place when either the end of the parameter file is reached, the next ‘Key-Type’ parameter is encountered or at the control statement ‘%commit’ is encountered.

Control statements:

%echo text

Print text as diagnostic.

%dry-run

Suppress actual key generation (useful for syntax checking).

%commit

Perform the key generation. Note that an implicit commit is done atthe next Key-Type parameter.

%pubring filename

Do not write the key to the default or commandline given keyring butto filename. This must be given before the first commit to takeplace, duplicate specification of the same filename is ignored, thelast filename before a commit is used. The filename is used until anew filename is used (at commit points) and all keys are written tothat file. If a new filename is given, this file is created (andoverwrites an existing one).

See the previous subsection “Ephemeral home directories” for a morerobust way to contain side-effects.

%secring filename

This option is a no-op for GnuPG 2.1 and later.

See the previous subsection “Ephemeral home directories”.

%ask-passphrase
%no-ask-passphrase

This option is a no-op for GnuPG 2.1 and later.

%no-protection

Using this option allows the creation of keys without any passphraseprotection. This option is mainly intended for regression tests.

%transient-key

If given the keys are created using a faster and a somewhat lesssecure random number generator. This option may be used for keyswhich are only used for a short time and do not require fullcryptographic strength. It takes only effect if used together withthe control statement ‘%no-protection’.

General Parameters:

Key-Type: algo

Starts a new parameter block by giving the type of the primarykey. The algorithm must be capable of signing. This is a requiredparameter. algo may either be an OpenPGP algorithm number or astring with the algorithm name. The special value ‘default’ maybe used for algo to create the default key type; in this case a‘Key-Usage’ shall not be given and ‘default’ also be usedfor ‘Subkey-Type’.

Key-Length: nbits

The requested length of the generated key in bits. The default isreturned by running the command ‘gpg --gpgconf-list’.

Key-Grip: hexstring

This is optional and used to generate a CSR or certificate for analready existing key. Key-Length will be ignored when given.

Key-Usage: usage-list

Space or comma delimited list of key usages. Allowed values are‘encrypt’, ‘sign’, and ‘auth’. This is used togenerate the key flags. Please make sure that the algorithm iscapable of this usage. Note that OpenPGP requires that all primarykeys are capable of certification, so no matter what usage is givenhere, the ‘cert’ flag will be on. If no ‘Key-Usage’ isspecified and the ‘Key-Type’ is not ‘default’, all allowedusages for that particular algorithm are used; if it is not given but‘default’ is used the usage will be ‘sign’.

Subkey-Type: algo

This generates a secondary key (subkey). Currently only one subkeycan be handled. See also ‘Key-Type’ above.

Openssl Generate Key Pair Without Passphrase Code

Subkey-Length: nbits

Length of the secondary key (subkey) in bits. The default is returnedby running the command ‘gpg --gpgconf-list’.

Subkey-Usage: usage-list

Key usage lists for a subkey; similar to ‘Key-Usage’.

Passphrase: string

If you want to specify a passphrase for the secret key, enter it here.Default is to use the Pinentry dialog to ask for a passphrase.

Name-Real: name
Name-Comment: comment
Name-Email: email

The three parts of a user name. Remember to use UTF-8 encoding here.If you don’t give any of them, no user ID is created.

Expire-Date: iso-date (number[d w m y])

Set the expiration date for the key (and the subkey). It may eitherbe entered in ISO date format (e.g. '20000815T145012') or as number ofdays, weeks, month or years after the creation date. The specialnotation 'seconds=N' is also allowed to specify a number of secondssince creation. Without a letter days are assumed. Note that thereis no check done on the overflow of the type used by OpenPGP fortimestamps. Thus you better make sure that the given value makesense. Although OpenPGP works with time intervals, GnuPG uses anabsolute value internally and thus the last year we can represent is2105.

Creation-Date: iso-date

Set the creation date of the key as stored in the key information andwhich is also part of the fingerprint calculation. Either a date like'1986-04-26' or a full timestamp like '19860426T042640' may be used.The time is considered to be UTC. The special notation 'seconds=N'may be used to directly specify a the number of seconds since Epoch(Unix time). If it is not given the current time is used.

Preferences: string

Openssl Generate Ssh Key Pair Without Passphrase

Set the cipher, hash, and compression preference values for this key.This expects the same type of string as the sub-command ‘setpref’in the --edit-key menu.

Revoker: algo:fpr [sensitive]

Add a designated revoker to the generated key. Algo is the public keyalgorithm of the designated revoker (i.e. RSA=1, DSA=17, etc.)fpr is the fingerprint of the designated revoker. The optional‘sensitive’ flag marks the designated revoker as sensitiveinformation. Only v4 keys may be designated revokers.

Openssl Generate Key Pair Without Passphrase Code

Keyserver: string

/starcraft-2-cd-key-generator.html. This is an optional parameter that specifies the preferred keyserverURL for the key.

Openssl Generate Key Pair Without Passphrase Key

Handle: string

This is an optional parameter only used with the status linesKEY_CREATED and KEY_NOT_CREATED. string may be up to 100characters and should not contain spaces. It is useful for batch keygeneration to associate a key parameter block with a status line.

Here is an example on how to create a key in an ephemeral home directory:

Openssl Generate Key Pair Without Passphrase Password

If you want to create a key with the default algorithms you would usethese parameters:

Openssl Generate Key Pair Without Passphrase Password

Previous: The quick key manipulation interface, Up: Unattended Usage of GPG [Contents][Index]