Skip to content

Instantly share code, notes, and snippets.

@mingfang

mingfang/convert id_rsa to pem

Last active October 2, 2024 14:21
Show Gist options
  • Save mingfang/4aba327add0807fa5e7f to your computer and use it in GitHub Desktop.
Save mingfang/4aba327add0807fa5e7f to your computer and use it in GitHub Desktop.
Download ZIP
Convert id_rsa to pem file
Raw
convert id_rsa to pem
openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
chmod 600 id_rsa.pem
@kadircs
Copy link

kadircs commented Feb 16, 2021

This worked!!! But as others said, your private key is overwritten.

For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using

ssh-keygen -f my-rsa-key -m pem -p

Note: when it was missing -p argument I got Expecting: ANY PRIVATE KEY error.

@dzmitry-lahoda
Copy link

@coolaj86 tried to run on windows, got errors (rsa -> jwt json)

C:\Users\dz\.ssh> ssh-to-jwk id_rsa
C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135
    len = dv.getUint32(index, false);
             ^

RangeError: Offset is outside the bounds of the DataView
    at DataView.getUint32 (<anonymous>)
    at Object.SSH.parseElements (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135:14)
    at Object.SSH.parse (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:23:24)
    at Object.<anonymous> (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\bin\ssh-to-jwk.js:26:16)
    at Module._compile (internal/modules/cjs/loader.js:1063:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
    at Module.load (internal/modules/cjs/loader.js:928:32)
    at Function.Module._load (internal/modules/cjs/loader.js:769:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47

@mattiacantalu
Copy link

I had the same problem and fixed by adding -m PEM when generate keys.

So the gen key command look like:

ssh-keygen -t rsa -b 4096 -m PEM

Then you can get pem from your rsa private key.

openssl rsa -in id_rsa -outform pem > id_rsa.pem

@kollaesch doesn't seem to be the case. I still got:

@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

Worked to me too. Thanks man !

@tarcisiomiranda
Copy link

Just run this

ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pem > ~/.ssh/id_rsa.pub.pem

@linuxtim
Copy link

Some of the examples above contain insecure use of chmod.
In general to create a file securely, always set the umask first! e.g.

$ rm -f examplefile ; ( umask 0077 && echo "" > examplefile ) ; ls -l examplefile
-rw------- 1 tim tim 1 Feb 26 13:55 examplefile
$  rm -f examplefile ; ( umask 0377 && echo "" > examplefile ) ; ls -l examplefile
-r-------- 1 tim tim 1 Feb 26 13:55 examplefile

...if you don't do that, then your file creation is subject to a race condition, and can be maliciously read between you creating it, and chmodding it...

@andreif
Copy link

andreif commented Feb 26, 2024

Huh, TIL! Thanks @linuxtim!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment