Can I add a password to an existing private key?
A word of caution: as stated in laverya's answer openssl encrypts the key in a way that (depending on your threat model) is probably not good enough any more.
Of course you can add/remove a passphrase at a later time.
add one (assuming it was an
rsa
key, else usedsa
)openssl rsa -aes256 -in your.key -out your.encrypted.key mv your.encrypted.key your.key chmod 600 your.key
the
-aes256
tellsopenssl
to encrypt the key with AES256.As ArianFaurtosh has correctly pointed out: For the encryption algorithm you can use
aes128
,aes192
,aes256
,camellia128
,camellia192
,camellia256
,des
(which you definitely should avoid),des3
oridea
remove it
openssl rsa -in your.key -out your.open.key
you will be asked for your passphrase one last time
by omitting the-aes256
you tellopenssl
to not encrypt the output.mv your.open.key your.key chmod 600 your.key
While Guntbert's answer was good at the time, it's getting a little outdated. openssl rsa -aes256
creates an encrypted file using the md5 hash of your password as the encryption key, which is weaker than you would expect - and depending on your perspective that may in fact be worse than plaintext. (If you use the same password for your ssh key and your login, cracking the md5 hash will be significantly faster than attacking however your system stores the password - barring things like Windows XP)
A modern solution would be to use ssh-keygen -p -o -f PRIVATEKEY
, which will allow you to enter a passphrase and then will overwrite the existing private key with the encrypted version. This uses the bcrypt pbkdf, which is FAR slower than md5 even when running at the default 16 rounds. 'Far slower' in this case means between a tenth and a half of a second, instead of a millionth of a second - not something you'll notice when logging in, but a massive difference when cracking passwords.
When a private is "protected by a password", it merely means that the key bytes, as stored somewhere, are encrypted with a password-derived symmetric key. A private key is readily encodable as a sequence of bytes, and can be copied, encrypted and decrypted just like any file. The important point here is that the password is all about storage: when the private key is to be used (e.g. to sign something), then it is first decrypted in the RAM of some computer, which then proceeds to use the non-encrypted private key. Correspondingly, there is nothing special in a RSA key pair which would make it suitable or unsuitable for password protection. Password protection is really an orthogonal issue.
Of course, if a private key has ever been stored on some physical medium (say, a hard disk) without any extra protection, then it may have left exploitable traces there. Details depend a lot on what system is actually used for private key storage. For instance, Windows systems use DPAPI for storing user's private keys, and DPAPI makes some extra efforts at not letting stored keys leak (whether these efforts are successful remains to be proven).