Brief: Have you generated a certificate key or private key with a passphrase and want to remove it? In this guide, we will show how to remove a passphrase using the openssl command line tool and from an ssh private key.

A passphrase is a sequence of words used to secure and control access to a private key. It is a key or secret used to encrypt the file that contains the actual encryption key.

To utilize the private key for encryption, such as for ssh public-key-based connections, you must decrypt the private key file using the decryption key (the passphrase) – you are prompted to enter the passphrase.

Removing a Passphrase from SSL Certificate using OpenSSL

The header of a TLS/SSL private key with a passphrase appears like what is shown in the following screenshot. The parameter “DEK-Info” holds information needed to decrypt the key using the passphrase.

<code>$ cat private.pem</code>

When you or any application such as NGINX webserver uses the private key, which calls upon it for encrypting data, you or the application will be asked to provide the passphrase before the key can be used, for example:

<code>$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem</code>

To eliminate the passphrase of an SSL private key using the openssl command line utility, simply copy the old file to a new file name. Afterwards, the new private key will not contain a passphrase as illustrated in the next screenshot.

<code>$ openssl rsa -in private.pem -out private_new.pem 
$ cat private_new.pem </code>

Remove Passphrase from SSH Private Key

Usually, when you create an SSH key pair, you are prompted to set a passphrase for the private key as displayed in the following screenshot. If you leave it blank, no passphrase is applied.

When you use a private ssh key that has a passphrase, prior to the ssh client being able to apply the key for the connection, it asks you to supply the passphrase as shown.

<code>$ ssh -i .ssh/tecmint [email?protected]</code>

To eliminate the passphrase, use the ssh-keygen command with the -p option which prompts you for the existing passphrase, and -f to specify the private key file:

<code>$ ssh-keygen -p -f .ssh/tecmint</code>

Input the old passphrase, and leave the new passphrase blank.

[ You might also like: Basic SSH Command Usage and Configuration in Linux ]

That’s all! Keep in mind that it is advised to use passphrases to enhance the security of your SSH keys. To share your thoughts about this guide, please use the comment section below.

The above is the detailed content of How To Remove Passphrase from SSL Certificate and SSH Key. For more information, please follow other related articles on the PHP Chinese website!