Your browser does not allow storing cookies. We recommend enabling them.
SSH.COM uses cookies to give you the best experience and most relevant marketing. More info
DECLINE Warning: Some functionality on this site will not work without cookies and our advertising will be less relevant!GOT IT!

PreviousNextUp[Front page] [Index]

Protecting Private Keys with Passwords

Private keys can be encrypted by using the ssh-keytool command (ssh_keytool.exe on Windows). This command can be used to protect the private key of an SSH Tectia Certifier Server, for example.

To set a password, run the following commands for a private key: 

ssh_keytool -o pkcs8s -s password input.prv output.prv
del input.prv
move output.prv input.prv

To change an existing password, run: 

ssh_keytool -o pkcs8s -S oldpass -s newpass input.prv output.prv
del input.prv
move output.prv input.prv

To clear the password, run: 

ssh_keytool -o pkcs8s -S password input.prv output.prv
del input.prv
move output.prv input.prv

If ssh-keytool is used to set a Certifier Server password on Windows, SSH Tectia Certifier cannot be started automatically after reboot. The password is prompted when SSH Tectia Certifier is started from the Start menu under Programs -> SSH Tectia Certifier -> Start -> SSH Certifier.

PreviousNextUp[Front page] [Index]