Many SSH users believe that public and private keys are independent entities.
In reality, the public key is mathematically contained in the private key, and can always be reconstructed if the private key is available.
This article explains:
- why it is possible (cryptographic theory)
- how to do it concretely (OpenSSH and PuTTY)
- what is NOT possible (limits and security)
1️⃣ Theoretical foundations (without cumbersome formulas)
Asymmetric cryptography: a correct summary
A public key system is based on:
- a private key → secret
- a public key → distributable
But they are not generated separately.
👉 The private key contains the mathematical parameters from which the public key is derived.
Conceptual example: RSA
For RSA:
- The private key includes:
  - the secret prime numbers
  - the modulus n
  - the private exponent
- The public key is composed only of:
  - n (modulus)
  - e (public exponent)
📌 So:
The public key is a subset of the information contained in the private key
And with ED25519?
Even clearer:
- The private key is a seed
- The public key is obtained by applying a deterministic function (elliptic curves)
👉 No external information is needed
True asymmetry
| Operation | Possible |
|---|---|
| Private → Public | ✅ always |
| Public → Private | ❌ computationally impossible |
This is the basis of the security.
2️⃣ What does an SSH private key actually contain?
A file like:
-----BEGIN OPENSSH PRIVATE KEY-----
contains:
- secret parameters
- public parameters
- metadata (algorithm, comment, KDF)
📌 The public key is not lost as long as the private key exists.
3️⃣ Recovering the public key: practice with OpenSSH
Case 1: Linux / macOS / WSL
ssh-keygen -y -f ~/.ssh/id_rsa > id_rsa.pub
Explanation:
- -y → extracts the public key
- -f → private key file
- > → saves in OpenSSH format
id_rsa refers to the default name of the private key file used in SSH (Secure Shell) authentication, generated with the RSA algorithm, which works in conjunction with an id_rsa.pub file (the public key).
Case 2: Windows with .ppk file (PuTTY)
GUI Method (Universal)
- Open PuTTYgen
- Load → .ppk file
- Copy the contents immediately after the sentence:
Public key for pasting into OpenSSH authorized_keys file
CLI Method (Legacy Versions)
puttygen key.ppk -L > key.pub
A .ppk (PuTTY Private Key) file is a proprietary private key file format used by PuTTY, a tool for SSH connections; it contains your private key generated using the PuTTYgen utility.
4️⃣ Cryptographic verification (fingerprint)
Prove that the keys match:
ssh-keygen -lf id_rsa
ssh-keygen -lf id_rsa.pub
✔ Same fingerprint → same cryptographic pair
5️⃣ What you CANNOT do (important to clarify)
- ❌ Recover the private key from the public key
- ❌ Rebuild the key if the private key is lost
- ❌ “Guessing” a private key from authorized_keys
📌 This remains true even with very powerful computers.
6️⃣ Practical implications (why it's useful to know)
- Incomplete backups → no problem
- System migration → immediate recovery
- .pub accidentally deleted → recoverable
- Auditing → match verification
7️⃣ Security: the real risk
The fact that the public key can be obtained does not reduce security.
The real risk is:
- losing control of the private key
- incorrect permissions (chmod 600)
- missing passphrase
Remember:
A private key without a passphrase is equivalent to a password stored in clear text: as long as it remains secret, it works, but the first time it leaks, the compromise is total.
Conclusion
The public key is not a secret,
the private key contains everything needed to generate it.
Knowing this mechanism:
- prevents unnecessary reinstallations
- clarifies the nature of asymmetric encryption
- improves security awareness
