19

We have a set of public and private keys and certificates on the server. The problem is that while public encryption works fine, the passphrase for the .key file got lost.

So, when trying to execute the following command:

openssl rsa -in the.key

It will obviously ask for the passphrase. Is it possible to get the lost passphrase somehow?

Bob Ortiz
  • 6,234
  • 8
  • 43
  • 90
Kevin Kopf
  • 311
  • 1
  • 2
  • 8

6 Answers6

47

The whole point of having a passphrase is to lock out anyone who does not know it. Allowing it to be recovered would defy the principle and allow hackers who get access to your certificate to recover your keys.

So no, there is no such thing.

What you should do is declare the keys as lost to the issuer so that they revoke your certificate. Then, you have to create a new one from scratch.

Community
  • 1
M'vy
  • 13,033
  • 3
  • 47
  • 69
  • 9
    I think it's important to note here that many commercial CAs will allow you to (revoke and) re-issue a certificate at least a few times without additional charge. (I mention this because to my ear "from scratch" sounds like you mean "pay again.") – Calrion Mar 11 '16 at 08:06
  • 3
    @Calrion That depends a lot on CA of course. For example with StartCom and their *free* certs, revoking a cert is *not* free (not sure if it's because of additional work on their side or just in order to educate people not to flood fill the Certificate Revocation List). But of course this is a very different situation to a piad certificate anyway ... – Hagen von Eitzen Mar 11 '16 at 09:25
  • @HagenvonEitzen True; that's actually the reason I no longer trust StartCom—it's impossible to determine revocation status (i.e. the difference between "cert is valid" and "subscriber couldn't/wouldn't pay for revocation.") – Calrion May 08 '16 at 23:35
17

From your description, it sounds like the server is currently using the key, which means the server "knows" the pass phrase. If this is correct and you have appropriate access to the server, you should be able to extract it. How you'd do that depends on what the server software is and how it's set up.

Just as an example, if you were running Apache, and it had something like this in the httpd.conf file:

SSLPassPhraseDialog exec:/etc/apache2/getsslpassphrase

That means that Apache will run /etc/apache2/getsslpassphrase to get passphrases; and you can do the same:

sudo /etc/apache2/getsslpassphrase server.example.com:443 RSA

should output the passphrase for the server.example.com key.

For other server software (or Apache with different config options), you'd have to specify the details.

Gordon Davisson
  • 2,581
  • 1
  • 17
  • 13
  • 1
    JBOSS does something similar where there will be an encrypted file which has the passphrase, so you can extract the file and decrypt it externally. – Coxy Mar 11 '16 at 03:36
11

Under some circumstances it may be possible to recover the private key with a new password. It would require the issuing CA to have created the certificate with support for private key recovery.

This is normally not done, except where the key is used to encrypt information, e.g. when used for email or file encryption. The issuing CA should be able to tell you whether key recovery is possible, and help you re-create the key with a new password if it is.

Jenny D
  • 1,197
  • 9
  • 18
  • interesting. I have never heard of private key recovery support. Can you provide some links that talk about this? – stochastic Mar 11 '16 at 18:26
  • 2
    @stochastic Here's one link, for the CA I usually work with: [EJBCA key recovery](/https://www.ejbca.org/docs/adminguide.html#Key%20Recovery). It's also mentioned in [RFC 3647](https://www.ietf.org/rfc/rfc3647.txt), which describes the standard template for CP and CPS for CAs. – Jenny D Mar 12 '16 at 07:26
8

As far as our current knowledge goes, there is only brute force available. Ask the person who created the key to try to remember the passphrase and try. If this is not available, try a cracking program that generates popular passwords as a passphrase generator.

However, when the passphrase was well chosen, your chances to crack the key are minimal.

jk - Reinstate Monica
  • 1,658
  • 1
  • 11
  • 18
  • 1
    If the person who created the key can provide some guidelines, even if they don't remember the specific phrase it makes brute forcing it much easier. Things like "It was long. I didn't use symbols. It was a famous quote." – Bobson Mar 11 '16 at 15:58
3

Just to offer an alternative view, I'd say it is most certainly possible. However, it is most probably not practical at all.

Process is known as cracking, and usually involves either a brute force attack or dictionary based one (perhaps helped with newly detected algorithm weaknesses) . Depending on complexity of passphrase used and your computing power it could take from several minutes to many billions of years, though.

So if your remember most of the words of the passphrase or if it was very short, and data it encrypts is very important to you and unobtainable otherwise - it might be worth a try. Otherwise, as others say, it's gone (unless critical algorithm weakness becomes public in following years, of course).

For the process itself if you decide it is worth a try, see for example this question

Community
  • 1
Matija Nalis
  • 2,115
  • 12
  • 18
-1
  /usr/share/john/ssh2john.py id_rsa > id_rsa.hash

then

john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa.hash

And you get the passphrase if it's in the list.

DimiDak
  • 99
  • 2
  • 2
    ... you mean, if the passphrase is in the rockyou list, right? That's not a magic command to get any passphrase from any key file. – schroeder Feb 03 '20 at 17:37