Solution ID : SO29559
Last Modified : 04/15/2021
Confirming the integrity of a key pair is a three-part process. Start by checking the private key itself:
openssl rsa -in [key-file.key] -check -noout
Example of a private key that fails the integrity check:
Other errors that can result from a tampered or forged key:
If you receive any of the above errors, your private key has been manipulated and may not work with your public key. Consider creating a new private key and requesting a replacement certificate.
Example of a private key that passes the integrity check:
The above indicates a clean private key; proceed to the next step and compare the modulus.
Note: The modulus of the private key and the modulus of the certificate must match exactly.
To view the certificate Modulus:
openssl x509 -noout -modulus -in [certificate-file.cer]
To view the private key Modulus:
openssl rsa -noout -modulus -in [key-file.key]
Next, extract the public key from the certificate; it is used in the next two steps:
openssl x509 -in [certificate-file.cer] -noout -pubkey > certificatefile.pub.cer
Example content of the extracted public key file certificatefile.pub.cer:
Create a new file called test.txt with the content "message test". Run the following command to encrypt it with the public key, writing the result to cipher.txt:
openssl rsautl -encrypt -in test.txt -pubin -inkey certificatefile.pub.cer -out cipher.txt
Example content of cipher.txt:
Run the following command to decrypt the content of cipher.txt with the private key:
openssl rsautl -decrypt -in cipher.txt -inkey [key-file.key]
Confirm that the decrypted content of cipher.txt is printed to your terminal.
Make sure that the terminal output matches the content of test.txt.
If the content does not match, the private key has been manipulated and may not work with your public key. Consider creating a new private key and requesting a replacement certificate.
Example output of a successfully decrypted message:
Run the following command to sign test.txt with your private key, writing the signature to test.sig:
openssl dgst -sha256 -sign [key-file.key] -out test.sig test.txt
Verify the signature with the public key that was extracted from the certificate in step 1:
openssl dgst -sha256 -verify certificatefile.pub.cer -signature test.sig test.txt
Make sure that the terminal output looks like the example below.
Example that meets the integrity check:
If you receive the message below, your private key has been manipulated and may not work with your public key. Consider creating a new private key and requesting a replacement certificate.
Example that does not meet the integrity check:
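The three parts above combined into one script, added here as an example and not part of the original solution. It assumes openssl on PATH and an RSA certificate/private key pair, and uses pkeyutl, the current replacement for rsautl (deprecated in OpenSSL 3).

```shell
#!/bin/sh
# Added example: runs the three checks from the solution as one function.
# Assumes openssl on PATH and an RSA certificate/private key pair.
# pkeyutl replaces rsautl, which is deprecated in OpenSSL 3.

# verify_keypair CERT KEY: returns 0 if every check passes, 1 on the first failure
verify_keypair() {
    work=$(mktemp -d) || return 1
    _verify_in "$work" "$1" "$2"
    rc=$?
    rm -rf "$work"
    return $rc
}

_verify_in() {
    work=$1 cert=$2 key=$3
    # Part 1a: the private key's own components must be consistent (-check)
    openssl rsa -in "$key" -check -noout >/dev/null 2>&1 \
        || { echo "FAIL: private key does not pass 'openssl rsa -check'"; return 1; }
    # Part 1b: the modulus in the certificate must equal the key's modulus exactly
    [ "$(openssl x509 -noout -modulus -in "$cert")" = "$(openssl rsa -noout -modulus -in "$key")" ] \
        || { echo "FAIL: certificate and private key moduli differ"; return 1; }
    # Part 1c: extract the certificate's public key for the next two parts
    openssl x509 -in "$cert" -noout -pubkey > "$work/pub.pem" || return 1
    # Part 2: encrypt with the certificate's public key, decrypt with the private key
    printf 'message test\n' > "$work/test.txt"
    openssl pkeyutl -encrypt -pubin -inkey "$work/pub.pem" \
        -in "$work/test.txt" -out "$work/cipher.bin" || return 1
    openssl pkeyutl -decrypt -inkey "$key" -in "$work/cipher.bin" -out "$work/plain.txt" 2>/dev/null \
        || { echo "FAIL: cannot decrypt with this private key"; return 1; }
    [ "$(cat "$work/plain.txt")" = "$(cat "$work/test.txt")" ] \
        || { echo "FAIL: decrypted text differs from test.txt"; return 1; }
    # Part 3: sign with the private key, verify with the certificate's public key
    openssl dgst -sha256 -sign "$key" -out "$work/test.sig" "$work/test.txt" || return 1
    openssl dgst -sha256 -verify "$work/pub.pem" -signature "$work/test.sig" "$work/test.txt" >/dev/null 2>&1 \
        || { echo "FAIL: signature does not verify with the certificate's public key"; return 1; }
    echo "OK: certificate and private key are a consistent pair"
}

# Usage: sh verify_keypair.sh certificate-file.cer key-file.key
if [ "$#" -eq 2 ]; then verify_keypair "$1" "$2"; fi
```

A mismatched key stops at the modulus comparison, so the FAIL line tells you which of the three parts rejected the pair.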