Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

I lost my public key. Can I recover it from a private key?

Tags:

I created a key pair + signed certificate for iOS/OSX development. Somewhere along the way, I lost the public key that goes with my private key. Maybe it's because Keychain Access doesn't group the private and public keys together, like it does with certificates and private keys (that is so irritating! why does it (not) do that!)

In Keychain Access, I can still right-click the private key -> "Request a certificate"; but without the public key available I get the error "The specified item could not be found in the keychain". I am pretty sure that public keys are recoverable, but how? Obviously, Keychain Access isn't smart enough to do it automatically.

I eventually figured this out and will mark my answer correct after a few days, unless someone adds something new to the answer.

like image 850
Paul Du Bois Avatar asked May 30 '13 22:05

Paul Du Bois


People also ask

Can you recover the public key with a private key?

It is absolutely impossible to recover a private key from a public key. You can generate a public from a private, but not the other way around. It is completely impossible, and is also the point of asymmetrical encryption.

Can private key decrypt public key?

In public key cryptography, there would instead be two keys. The public key would encrypt the data, and the private key would decrypt it.

Does private key authenticate public key?

Only a user in possession of a private key that corresponds to the public key at the server will be able to authenticate successfully. The private keys need to be stored and handled carefully, and no copies of the private key should be distributed. The private keys used for user authentication are called identity keys.

Can you change your private key without changing your public key?

There is no way to change your private key without changing your public key.


1 Answers

I remembered vaguely being able to do this with openssl on .pem files, so that's the direction I headed.

  • In Keychain Access, export the private key as eg private.p12. Apply a password, or not.
  • Convert it to .pem: openssl pkcs12 -in private.p12 -out private.pem. Enter password from previous step. You're forced to apply a password to the .pem.
  • Extract the public portion: openssl rsa -in private.pem -pubout > public.pem. Enter password from previous step.
  • Import into Keychain Access: security import public.pem -k login.keychain. If you don't specify a keychain, the import appears to complete but I couldn't find where the item was put.
  • In Keychain Access, look in the login keychain for "Imported Public Key". Rename it and move to the desired location.
  • Clean up after yourself, especially those .p12 and .pem private keys with no or poor passwords.
like image 166
Paul Du Bois Avatar answered Sep 29 '22 13:09

Paul Du Bois