Can I add a password to an existing private key?

A word of caution: as stated in laverya's answer, openssl encrypts the key in a way that (depending on your threat model) is probably not good enough any more.


Of course you can add/remove a passphrase at a later time.

  • add one (assuming it was an rsa key, else use dsa)

    openssl rsa -aes256 -in your.key -out your.encrypted.key
    mv your.encrypted.key your.key
    chmod 600 your.key
    

    The -aes256 tells openssl to encrypt the key with AES256.

    As ArianFaurtosh has correctly pointed out: for the encryption algorithm you can use aes128, aes192, aes256, camellia128, camellia192, camellia256, des (which you definitely should avoid), des3 or idea.

  • remove it

    openssl rsa -in your.key -out your.open.key
    

    You will be asked for your passphrase one last time.
    By omitting the -aes256 you tell openssl not to encrypt the output.

    mv your.open.key your.key
    chmod 600 your.key
    

While Guntbert's answer was good at the time, it's getting a little outdated. openssl rsa -aes256 creates an encrypted file using the md5 hash of your password as the encryption key, which is weaker than you would expect - and depending on your perspective that may in fact be worse than plaintext. (If you use the same password for your ssh key and your login, cracking the md5 hash will be significantly faster than attacking however your system stores the password - barring things like Windows XP)

A modern solution would be to use ssh-keygen -p -o -f PRIVATEKEY, which will allow you to enter a passphrase and then will overwrite the existing private key with the encrypted version. This uses the bcrypt pbkdf, which is FAR slower than md5 even when running at the default 16 rounds. 'Far slower' in this case means between a tenth and a half of a second, instead of a millionth of a second - not something you'll notice when logging in, but a massive difference when cracking passwords.
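As an added example (not part of any answer here), a small Python audit that reads only the headers of a private key file and reports which of the two schemes above protects it: the legacy PEM `Proc-Type`/`DEK-Info` header that `openssl rsa -aes256` writes (a single MD5 pass, no work factor), or the openssh-key-v1 header written by `ssh-keygen -o`, from which it extracts the KDF name and the bcrypt round count. The sample files are constructed headers only, with no real key material.

```python
import base64
import re
import struct

MAGIC = b"openssh-key-v1\x00"   # leading bytes of every openssh-key-v1 blob

def _ssh_string(b: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def _read_string(buf: bytes, pos: int):
    """Decode one SSH wire-format string at pos; returns (bytes, new_pos)."""
    (n,) = struct.unpack_from(">I", buf, pos)
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def build_openssh_sample(cipher: bytes, kdf: bytes, salt: bytes, rounds: int) -> str:
    """Constructed sample: openssh-key-v1 header fields only (no key material), PEM-armoured."""
    kdfopts = _ssh_string(salt) + struct.pack(">I", rounds) if kdf == b"bcrypt" else b""
    blob = MAGIC + _ssh_string(cipher) + _ssh_string(kdf) + _ssh_string(kdfopts)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

def audit_private_key(pem: str) -> dict:
    """Report whether a private key file is encrypted at rest and which KDF protects it."""
    lines = pem.strip().splitlines()
    if "OPENSSH PRIVATE KEY" in lines[0]:
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        cipher, pos = _read_string(blob, len(MAGIC))
        kdf, pos = _read_string(blob, pos)
        kdfopts, _ = _read_string(blob, pos)
        rounds = None
        if kdf == b"bcrypt":                   # kdfoptions = string salt, uint32 rounds
            _, p = _read_string(kdfopts, 0)
            (rounds,) = struct.unpack_from(">I", kdfopts, p)
        return {"format": "openssh", "encrypted": cipher != b"none",
                "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}
    if "Proc-Type: 4,ENCRYPTED" in pem:        # legacy PEM, as written by `openssl rsa -aes256`
        m = re.search(r"DEK-Info:\s*([^,\s]+)", pem)
        return {"format": "legacy-pem", "encrypted": True, "cipher": m.group(1) if m else None,
                "kdf": "md5", "rounds": 1}      # EVP_BytesToKey: one MD5 pass, no work factor
    return {"format": "legacy-pem", "encrypted": False, "cipher": None, "kdf": None, "rounds": None}

# Constructed samples (no real keys): a legacy PEM header and an openssh-key-v1 header.
LEGACY_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
              "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF\n\nAAAA\n"
              "-----END RSA PRIVATE KEY-----\n")
OPENSSH_PEM = build_openssh_sample(b"aes256-ctr", b"bcrypt", b"\x01" * 16, 16)
```

Run `audit_private_key` over a real key file's text to see whether it still carries the weak legacy header after a migration with `ssh-keygen -p -o`.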


When a private key is "protected by a password", it merely means that the key bytes, as stored somewhere, are encrypted with a password-derived symmetric key. A private key is readily encodable as a sequence of bytes, and can be copied, encrypted and decrypted just like any file. The important point here is that the password is all about storage: when the private key is to be used (e.g. to sign something), then it is first decrypted in the RAM of some computer, which then proceeds to use the non-encrypted private key. Correspondingly, there is nothing special in an RSA key pair which would make it suitable or unsuitable for password protection. Password protection is really an orthogonal issue.

Of course, if a private key has ever been stored on some physical medium (say, a hard disk) without any extra protection, then it may have left exploitable traces there. Details depend a lot on what system is actually used for private key storage. For instance, Windows systems use DPAPI for storing user's private keys, and DPAPI makes some extra efforts at not letting stored keys leak (whether these efforts are successful remains to be proven).