How to tell if key is encrypted?
Darren Tucker
dtucker at zip.com.au
Fri Nov 21 19:35:48 EST 2003
Bob Proulx wrote:
>
> I would like to automatically deduce in a script if an ssh key is
> encrypted or not. Basically in a very particular application I want
> to be the BOFH and enforce that users place a passphrase on their
> id_rsa key. If they don't put a passphrase I want to send them back
> to ssh-keygen until they do. I have not been able to deduce a way to
> detect this yet. Any hints?
You can try having openssl load it with a null password:
Passwordless key:
$ openssl rsa -in /tmp/key -passin pass: -noout
read RSA key
$ echo $?
0
Key with a password:
$ openssl rsa -in id_rsa -passin pass: -noout
read RSA key
unable to load key
$ echo $?
1
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list