Generate Your Keypair. If you’re using Transmit 5, Code Editor, Transmit for iOS, or Prompt, you can generate keypairs from inside the app. If you’re on a Mac, we can generate your keypair from the command line. Open a Terminal window and enter the following command:
$ ssh-keygen -t rsa -b 4096

An SSH key consists of a pair of files. One is the private key, which you should never give to anyone. No one will ever ask you for it and if so, simply ignore them - they are trying to steal it. The other is the public key. When you generate your keys, you will use ssh-keygen to store the keys in a safe location so you can authenticate with.

Reasons for importing keys include wanting to make a backup of a private key (generated keys are non-exportable, for security reasons), or if the private key is provided by an external source. This document will guide you through using the OpenSSL command line tool to generate a key pair which you can then import into a YubiKey.

From the computer where you downloaded the private key file, generate an SSH2 fingerprint from the private key file. The output should match the fingerprint that's displayed in the console. If you created your key pair using AWS, you can use the OpenSSL tools to generate a fingerprint as shown in the following example.

Now you can generate public or private key pair using PuTTYgen. Download PuTTYgen for Mac. Below is the detailed guide to download PuTTYgen on Mac operating system. Mac OS has a built-in command-line SSH client known as Terminal. To utilize it, go to Finder and then opt for Go.

SiteGround uses key pairs for SSH authentication purposes, as opposed to plain username and password. More information on SSH keys is available here. You can generate an SSH key pair in Mac OS following these steps: Open up the Terminal by going to Applications - Utilities - Terminal.
This guide will demonstrate the steps required to encrypt and decrypt files using OpenSSL on Mac OS X. The working assumption is that by demonstrating how to encrypt a file with your own public key, you'll also be able to encrypt a file you plan to send to somebody else using their public key, though you may wish to use this approach to keep archived data safe from prying eyes.
Too Long, Didn't Read
Assuming you've already done the setup described later in this document, that id_rsa.pub.pcks8 is the public key you want to use, that id_rsa is the private key the recipient will use, and secret.txt is the data you want to transmit…
Encrypting
Decrypting
Using Passwords
OpenSSL makes it easy to encrypt/decrypt files using a passphrase. Unfortunately, pass phrases are usually 'terrible' and difficult to manage and distribute securely.
To Encrypt a File
You can add -base64 if you expect the context of the text may be subject to being 'visible' to people (e.g., you're printing the message on a public forum). If you do, you'll need to add it to the decoding step as well. You can choose from several ciphers, but aes-256-cbc is reasonably fast, strong, and widely supported. Base64 will increase the size of the encrypted file by approximately 30%.
To Decrypt a File
You will need to provide the same password used to encrypt the file. All that changes between the encrypt and decrypt phases is the input/output file and the addition of the -d flag. If you pass an incorrect password or cipher then an error will be displayed.
Encrypting Files Using your RSA keys
RSA encryption can only work with very short sections of data (e.g. an SHA1 hash of a file, or a password) and cannot be used to encrypt a large file. The solution is to generate a strong random password, use that password to encrypt the file with AES-256 in CBC mode (as above), then encrypt that password with a public RSA key. The encrypted password will only decrypt with the matching private key, and the encrypted file can only be decrypted with the unique password that was encrypted by the RSA key.
Replace OpenSSL
The copy of OpenSSL bundled with Mac OS X has several issues. Mac OS X 10.7 and earlier are not PCI compliant. It is best to replace it. See here for details: http://www.dctrwatson.com/2013/07/how-to-update-openssh-on-mac-os-x/
Generate Your Private/Public Key-pair
By default your private key will be stored in
- ~/.ssh/id_rsa : This is your private key and it must be kept secret
- ~/.ssh/id_rsa.pub : This is your public key, you can share it (for example) with servers as an authorized key for your account.
You can change the location of where you store your keys, but this location is typical. Typically you want to ensure the private key is chmod 600, and the public key is chmod 644.
Generate a PKCS8 Version of Your Public Key
The default format of id_rsa.pub isn't particularly friendly. If you are going to publish your key (for example) on your website so that other people can verify the authorship of files attributed to you then you'll want to distribute it in another format. I find it useful to keep a copy in my .ssh folder so I don't have to re-generate it, but you can store it anywhere you like.
Generate a One-Time-Use Password to Encrypt the File
The passwords used to encrypt files should be reasonably long (32+ characters), random, and never used twice. To do this we'll generate a random password which we will use to encrypt the file.
This will generate 192 bytes of random data which we will use as a key. If you think a person may need to view the contents of the key (e.g., they're going to display it on a terminal or copy/paste it between computers) then you should consider base-64 encoding it, however:
- The password will become approximately 30% longer (and there is a limit to the length of data we can RSA-encrypt using your public key)
- The password will be 'padded' with '=' characters if it's not a multiple of 4 bytes.
A Note on Long Passwords
There is a limit to the maximum length of a message that can be encrypted using RSA public key encryption. If you want to use a very long key then you'll have to split it into several short messages, encrypt them independently, and then concatenate them into a single long string. Decrypting the password will require reversing the technique: splitting the file into smaller chunks, decrypting them independently, and then concatenating those into the original password key file.
Encrypt the File Using the Generated Key
Now that you have a good random password, you can use that to AES encrypt a file as seen in the 'with passwords' section.
Decrypting the file works the same way as the 'with passwords' section, except you'll have to pass the key.
Encrypt the Key Used to Encrypt the File
We used fast symmetric encryption with a very strong password to encrypt the file to avoid limitations in how we can use asymmetric encryption. Finally, we'll use asymmetric encryption to encrypt the password. This solves the 'how do I safely transmit the password for the encrypted file' problem. You can encrypt it using the recipient's public key and they can decode it using their private key. Encrypt the password using a public key:
The recipient can decode the password using a matching private key:
Package the Encrypted File and Key
There are a number of ways to do this step, but typically you'll want just a single file you can send to the recipient to make transfer less of a pain. I'd recommend just making a tarball and delivering it through normal methods (email, sftp, dropbox, whatever). Though a secure method of exchange is obviously preferable, if you have to make the data public it should still be resistant to attempts to recover the information.
The file can be extracted in the usual way:
You may want to securely delete the unencrypted keyfile as the recipient will be able to decode it using their private key and you already have the unencrypted data.
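The whole procedure above as one round trip, added here as an example and not the guide's original commands. It assumes OpenSSL 1.1.1 or later on the PATH; the throwaway keypair, directory names and file names are constructed for the demonstration, and it uses a 32-byte base64 password rather than the 192 random bytes mentioned above.

```shell
#!/bin/sh
# Added example (not the original guide's commands). Assumes OpenSSL 1.1.1+;
# every file name and the throwaway keypair are constructed for this demo.

# Usage: hybrid_roundtrip "message" -> prints what the recipient recovers.
hybrid_roundtrip() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" && mkdir sender recipient &&
        # Recipient's keypair; the sender only ever gets the public half.
        openssl genrsa -out recipient/private.pem 2048 2>/dev/null &&
        openssl rsa -in recipient/private.pem -pubout \
            -out sender/recipient.pub.pem 2>/dev/null &&
        cd sender && printf '%s\n' "$1" > secret.txt &&
        # One-time password, base64 so it is a single text line:
        # "-pass file:" reads only the first line of the file.
        openssl rand -base64 32 > key.txt &&
        # Bulk data: AES-256-CBC keyed from the one-time password.
        # CBC gives confidentiality only, no integrity check.
        openssl enc -aes-256-cbc -pbkdf2 -pass file:key.txt \
            -in secret.txt -out secret.txt.enc &&
        # The 45-byte password fits in a single RSA-2048 OAEP block.
        openssl pkeyutl -encrypt -pubin -inkey recipient.pub.pem \
            -pkeyopt rsa_padding_mode:oaep -in key.txt -out key.txt.enc &&
        # Ship only ciphertext; the plaintext password stays behind.
        tar -czf ../bundle.tgz secret.txt.enc key.txt.enc &&
        rm -f key.txt &&
        # Recipient side: unpack, recover the password, decrypt to stdout.
        cd ../recipient && tar -xzf ../bundle.tgz &&
        openssl pkeyutl -decrypt -inkey private.pem \
            -pkeyopt rsa_padding_mode:oaep -in key.txt.enc -out key.txt &&
        openssl enc -d -aes-256-cbc -pbkdf2 -pass file:key.txt \
            -in secret.txt.enc
    )
    rc=$?
    rm -rf "$work"
    return "$rc"
}

hybrid_roundtrip "constructed sample secret"
```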
by Nezar Assawiel
Google Cloud offers many tools and services. One of these services is creating highly customizable virtual machines. If you are not familiar with what a virtual machine is, here is a definition from Microsoft:
A virtual machine is a computer file, typically called an image, that behaves like an actual computer. In other words, creating a computer within a computer. It runs in a window, much like any other program, giving the end user the same experience on a virtual machine as they would have on the host operating system itself. The virtual machine is sandboxed from the rest of the system, meaning that the software inside a virtual machine can’t escape or tamper with the computer itself.
Virtual machines are needed in many situations to test applications against other operating systems, to access virus-infected data, or to experiment with other operating systems. You can install virtual machines on your computer. You can also create them in the cloud and simply connect to them.
In this tutorial, I will walk you through how to create a virtual machine in Google Cloud. We can connect to it with SSH from your computer.
1. If you don’t have one already, create a Google Cloud account from here.
You will get $300 credit to play around with for a year! It is more than enough to learn and play with everything Google Cloud offers.
2. Create a new project or use an existing one. You can create a new project called project1, for example, as in the following gif:
3. Now you are set to create a virtual machine. Go to the top left corner of your Google Cloud home page, click on the triple bar icon ≡ and select Compute Engine -> VM instance and click Create.
Enter whatever name you want in the Name field as shown below:
Keep the default region and zone. Any region/zone will do for this tutorial. If you are curious about what they mean, you can read Google Cloud’s documentation about them here.
You can keep the default machine type or click Customize to select the number of CPU cores, memory, and GPUs you would like your virtual machine to have. You will see the cost on the right side change!
For your first experiments with Google Cloud, you can be conservative with the $300 credit for some actual work. In such a case, you can choose the following configuration:
Next choose a boot disk. For example, you can choose 20 GB, SSD, Ubuntu 16.04 LTS as shown below:
Then set the Service Account under Identity and API access to No service account as shown below:
Finally, go to the Security tab under Firewall. You will see an SSH Key field as shown below:
This is where you are going to connect your computer to the virtual machine using your SSH Key!
If you are not familiar with SSH (Secure Shell) and why you may want to use it, it is a network protocol that provides encrypted data communication between two computers (your computer and Google’s servers, in this case) which are connected over an insecure network (the Internet here).
To establish an SSH connection, you may need an application that can do that, depending on your operating system. Follow the rest of this post depending on your operating system (Windows or Mac/Linux).
Windows
I recommend PuTTY. It is an open-source and easy to use SSH client. You can download PuTTY and install it from here.
After installing PuTTY, open PuTTY Key Generator and click create. It will generate a random key by you moving the mouse over the blank area. After it is done, you will get something like this:
Change the key comment field to something recognizable and easy to type, as this will become a user name later!
Then save both the public and private keys by clicking the corresponding icons shown in the picture above.
Highlight the whole Key field from the PuTTY Key Generator, and copy and paste it in the key data field in Google Cloud:
Click create and wait for the virtual machine instance to be created.
In the meantime, you can go to PuTTY. Go to SSH -> Auth and browse for the private key file that you saved.
Next, go to Google Cloud and copy the external IP from the virtual machine instance that you just created as shown below:
And paste it on the Host field under Sessions in PuTTY and hit Enter:
Note: you might get an error message. Ignore it and click yes. (It just says the key is not already in the registry. Are you sure you want to connect?)
Then enter the username you created when generating the key (key comment above). Boom! You are in the virtual machine that you just created.
You can install python and Google APIs on it, for example, to start making some magic! Don’t forget to shut it down in Google Cloud after you are done to be economic with your credit :)
Mac/Linux
Mac and Linux support SSH connection natively. You just need to generate an SSH key pair (public key/private key) to connect securely to the virtual machine.
The private key is equivalent to a password. Thus, it is kept private, residing on your computer, and should not be shared with any entity. The public key is shared with the computer or server to which you want to establish the connection. To generate the SSH key pair to connect securely to the virtual machine, follow these steps:
Enter the following command in Terminal:
ssh-keygen -t rsa
It will start the key generation process. You will be prompted to choose the location to store the SSH key pair. Press ENTER to accept the default location as shown below:
Next, choose a password for your login to the virtual machine or hit ENTER if you wish not to use a password. The private key (i.e. identification) and the public key will be generated as shown below:
Now run the following command:
cat ~/.ssh/id_rsa.pub
It will display the public key in the terminal as shown below. Highlight and copy this key, paste it in the SSH key field in Google Cloud, and hit Create:
Now you can use the External IP of the virtual machine you just created:
to ssh to it as follows:
You will get “The authenticity of host…etc.” warning as shown in the picture below. This is normal. Whenever SSH connects to a system it hasn’t seen before, it will generate a warning like this. Reply yes to connect, and bingo! You are in the virtual machine, as you can see from host name instance-3. To exit the virtual machine, just type exit.
Don’t forget to shut the virtual machine in Google Cloud after you are done to save that $300 credit!
Originally published at assawiel.com/blog on December 23, 2017. Updated: Oct 10, 2018