ETOOBUSY 🚀 minimal blogging for the impatient
One thing to look out for when using Encrypt, the hard way.
It’s anyway possible to hit the following error while decrypting via the asymmetric algorithm:
# Get the symmetric encryption key back first, using the private # SSH RSA key $ openssl rsautl -decrypt -oaep -inkey ~/.ssh/id_rsa \ -in random-key-stuff.enc -out random-key-stuff.dec ... yadda yadda yadda...:Expecting: ANY PRIVATE KEY
~/.ssh/id_rsa is a RSA PRIVATE KEY:
-----BEGIN OPENSSH PRIVATE KEY----- ...
So thanks to this answer:
# let's work in the SSH directory for my user $ cd ~/.ssh # let's also remain on the safe side, just in case... $ cp id_rsa id_rsa.save # we're passphrase-protecting our keys, right? RIGHT?!? $ ssh-keygen -p -f id_rsa -m PEM
At this point we’re asked for the old passphrase (to decrypt the current
id_rsa into a useable private key) and a new passphrase
twice, to re-encrypt the private key with it. We end up with a file that
$ head id_rsa -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-... ...
Now this key can make my OpenSSL happy and willing to work properly… thanks!
Stay safe everyone!