How to Decrypt an RSA Private Key Using OpenSSL

Laptop with encrypted code - Markus Spiske

TL;DR:

  1. If your SSL private key is encrypted, you'll see "ENCRYPTED" in the file.

  2. To use the key, you must decrypt it using OpenSSL with the passphrase.

  3. After decryption, the key will show "RSA PRIVATE KEY" instead of "ENCRYPTED".


When installing an SSL certificate whose private key is encrypted with a passphrase, you must decrypt the private key first. To check whether a private key is encrypted, open the key file (.key or .pem) in a text editor or print it on the command line. If the private key is encrypted, you will see the text ENCRYPTED.

$ cat encrypted_private.key
-----BEGIN ENCRYPTED PRIVATE KEY-----
...

Note: If the private key is within the .pem file, you can simply copy the text between and including the -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY----- lines and save it into a new file.

To decrypt the private key from the terminal:

  1. Open a terminal
  2. Run the openssl command to decrypt the file
    $ openssl rsa -in encrypted_private.key -out decrypted_private.key
    Enter pass phrase for encrypted_private.key: <enter the password>
    writing RSA key
  3. Once the private key has been decrypted, open the file and you should not see the text ENCRYPTED anymore.
    $ cat decrypted_private.key
    -----BEGIN RSA PRIVATE KEY-----
    ...
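
The check and the decryption step above can be scripted; the following is an added example, not part of the original article, and the function names `key_state` and `decrypt_key` are hypothetical. It goes slightly beyond the article's case by also recognizing the traditional encrypted form (a `Proc-Type: 4,ENCRYPTED` header under `BEGIN RSA PRIVATE KEY`) and the unencrypted PKCS#8 header `BEGIN PRIVATE KEY`.

```shell
#!/bin/sh
# key_state FILE: print "encrypted", "plaintext" or "unknown" (hypothetical helper).
key_state() {
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # PKCS#8 form, the header shown in the article
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # traditional form: BEGIN RSA PRIVATE KEY + this header
    elif grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$1"; then
        echo plaintext      # "BEGIN PRIVATE KEY" is unencrypted PKCS#8
    else
        echo unknown
    fi
}

# decrypt_key IN OUT: run the article's command only when IN is encrypted,
# then confirm OUT is plaintext (hypothetical helper; prompts for the passphrase).
decrypt_key() {
    if [ "$(key_state "$1")" != encrypted ]; then
        echo "not an encrypted private key: $1" >&2
        return 1
    fi
    # umask 077: a newly created OUT gets no group/other permissions.
    ( umask 077 && openssl rsa -in "$1" -out "$2" ) || return 1
    [ "$(key_state "$2")" = plaintext ]
}

# Constructed sample: header lines only, not a real key.
sample=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$sample"
key_state "$sample"     # prints: encrypted
rm -f "$sample"
```

Call it as `decrypt_key encrypted_private.key decrypted_private.key`. With OpenSSL 3.x the decrypted file starts with `-----BEGIN PRIVATE KEY-----` unless `-traditional` is passed to `openssl rsa`.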
