Understand public and private keys

Quick summary

Public and private keys come in pairs. What is encrypted by one, can be decrypted by the other.

When used for server access (i.e. through SSH or Putty), this makes encrypting passwords in transit superfluous. User keeps the private key, server gets the public version.

More info on WikiPedia.

Ways to create key pairs

With the labs, there are three main ways to generate a key pair. Check other learning units for details. Otherwise use your favorite search engine.

AWS can generate them. To be used on Windows they need to be converted with Puttygen.
On Windows, Puttygen can create them.
On Linux/Max, ssh-keygen can be used. On this platform the private key should only be readable by the user (permission 600).

Note that Amazon Web Services will not store the private key after you have downloaded it (at least, that is what they say...).

File name conventions

Extension	Used by	Contains
.pub	Ssh_keygen (linux, mac)	Public key
(none)	Ssh_keygen (linux, mac)	Private key
.pem	Standard; created by AWS	Public and private key
.ppk	Putty (Putty private key)	Public and private key

Advanced & Background

What is bad about AWS generated?

What is bad about server generated?

File name conventions: http://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file

Discussion

Cloud and Security Architecture v4