mingfang/convert id_rsa to pem

Last active March 3, 2024 08:46

Star 146 You must be signed in to star a gist
Fork 45 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/mingfang/4aba327add0807fa5e7f.js"></script>
Save mingfang/4aba327add0807fa5e7f to your computer and use it in GitHub Desktop.

Download ZIP

Convert id_rsa to pem file

Raw

convert id_rsa to pem

	openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
	chmod 600 id_rsa.pem

thayshiva commented Aug 2, 2020

I had the same problem and fixed by adding -m PEM when generate keys.

So the gen key command look like:
ssh-keygen -t rsa -b 4096 -m PEM
Then you can get pem from your rsa private key.
openssl rsa -in id_rsa -outform pem > id_rsa.pem
@kollaesch doesn't seem to be the case. I still got:
@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

Thanks, this worked for me as well.

kadircs commented Feb 16, 2021

This worked!!! But as others said, your private key is overwritten.

For private keys in OpenSSH format that use passphrase, you can convert them to PEM format using
ssh-keygen -f my-rsa-key -m pem -p
Note: when it was missing -p argument I got Expecting: ANY PRIVATE KEY error.

dzmitry-lahoda commented Feb 19, 2021

@coolaj86 tried to run on windows, got errors (rsa -> jwt json)

C:\Users\dz\.ssh> ssh-to-jwk id_rsa
C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135
    len = dv.getUint32(index, false);
             ^

RangeError: Offset is outside the bounds of the DataView
    at DataView.getUint32 (<anonymous>)
    at Object.SSH.parseElements (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:135:14)
    at Object.SSH.parse (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\lib\ssh-parser.js:23:24)
    at Object.<anonymous> (C:\Users\dz\AppData\Roaming\npm\node_modules\ssh-to-jwk\bin\ssh-to-jwk.js:26:16)
    at Module._compile (internal/modules/cjs/loader.js:1063:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1092:10)
    at Module.load (internal/modules/cjs/loader.js:928:32)
    at Function.Module._load (internal/modules/cjs/loader.js:769:14)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:72:12)
    at internal/main/run_main_module.js:17:47

mattiacantalu commented Mar 12, 2021

I had the same problem and fixed by adding -m PEM when generate keys.

So the gen key command look like:
ssh-keygen -t rsa -b 4096 -m PEM
Then you can get pem from your rsa private key.
openssl rsa -in id_rsa -outform pem > id_rsa.pem
@kollaesch doesn't seem to be the case. I still got:
@macbook:~/work$ openssl dsa -in id_dsa -outform pem
read DSA key
unable to load Private Key
140736256754632:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:697:Expecting: ANY PRIVATE KEY
unable to load Key

Worked to me too. Thanks man !

tarcisiomiranda commented Jan 9, 2023

Just run this

ssh-keygen -f ~/.ssh/id_rsa.pub -e -m pem > ~/.ssh/id_rsa.pub.pem

linuxtim commented Feb 26, 2024

Some of the examples above contain insecure use of chmod.
In general to create a file securely, always set the umask first! e.g.

$ rm -f examplefile ; ( umask 0077 && echo "" > examplefile ) ; ls -l examplefile
-rw------- 1 tim tim 1 Feb 26 13:55 examplefile
$  rm -f examplefile ; ( umask 0377 && echo "" > examplefile ) ; ls -l examplefile
-r-------- 1 tim tim 1 Feb 26 13:55 examplefile

...if you don't do that, then your file creation is subject to a race condition, and can be maliciously read between you creating it, and chmodding it...

andreif commented Feb 26, 2024

Huh, TIL! Thanks @linuxtim!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment