openssl-pkey
TLDR
View private key details
$ openssl pkey -in [private.key] -text -noout
Extract public key$ openssl pkey -in [private.key] -pubout -out [public.key]
Convert to DER format$ openssl pkey -in [private.key] -outform DER -out [private.der]
Encrypt private key$ openssl pkey -in [private.key] -aes256 -out [encrypted.key]
Remove encryption$ openssl pkey -in [encrypted.key] -out [decrypted.key]
Check key validity$ openssl pkey -in [private.key] -check
SYNOPSIS
openssl pkey [options] [-in file] [-out file]
DESCRIPTION
openssl pkey is a general-purpose key processing tool. It can convert between formats, extract public keys, encrypt/decrypt private keys, and display key information.
Works with RSA, EC, ED25519, and other key types.
PARAMETERS
-in file
Input file.-out file
Output file.-inform format
Input format (PEM, DER).-outform format
Output format.-pubout
Output public key.-text
Print text form.-noout
Don't output key.-check
Check key.-aes256
Encrypt output.
KEY FORMATS
$ PEM - Base64 encoded (-----BEGIN...)
DER - Binary format
DER - Binary format
CAVEATS
-nodes or no encryption outputs unprotected key. Always protect private keys.
HISTORY
The pkey command provides unified key handling across different algorithms in OpenSSL.
SEE ALSO
openssl-genpkey(1), openssl-rsa(1), openssl-ec(1)
