6

Today is friday and I'm a desperate sysadmin. I issued a demand of certificate for an HTTPS server, and just received it after more than a long week of waiting, but while my request was processed I lost the passphrase that secured my private key.

Given that I have the private key and the public key jointly generated with the passphrase (that I knew by the time), could there be a clever way to recover the lost passphrase.

Thanks in advance.

Nicocube
  • 163
  • 1
  • 1
  • 5

2 Answers2

14

You are out of luck. A passphrase protected encrypted private key means you have to guess it and with the high entropy of a typical passphrase it will be very difficult. Granted if you have a rough idea of what the passphrase is, you can write a script to try to brute force it (e.g., it was something like 'correct battery horse __' and subject to a dictionary attack).

This is the whole reason you put the passphrase on the private key. (Granted I usually remove the passphrase from my SSL private keys on my server for convenience restarting apache/nginx; though leave them only root readable; figure if someone got to root they can install a keylogger and grab my passphrase anyhow).

EDIT: I should add in principle you could get at your private key if you break RSA (solve the problem of factoring the modulus N the product of two ~1024 bit prime numbers that's in the unencrypted public key; which would let you quickly regenerate the private key) or the passphrase encryption mechanism (typically DES3) to recover the private key. However, if you could do either then anyone else could as well, which would not be a good situation. Also, unless you have made fundamental breakthroughs in number theory, computer science, or developed a quantum computer it is prohibitively expensive to brute-force break RSA (like a million computers going for a million years would have under a 0.02% chance of breaking a 2048-bit RSA key).

dr jimbob
  • 39,312
  • 8
  • 94
  • 164
  • 2
    +1. And also +1 for "correct battery horse staple". – 700 Software Jul 27 '12 at 17:02
  • I would like to add that the passphrase protection of private keys usually simply encrypts the file using e.g. AES and has nothing to do with PKC itself. – Tie-fighter Jul 27 '12 at 17:16
  • @Tie-fighter - Yes. But if you break RSA (or whatever PKC public-key cryptography used), then you can easily regenerate the private key in the same way it was originally created. – dr jimbob Jul 27 '12 at 17:27
  • Thanks, better to know there is no hope than hoping for nothing. ;) I sent a demand to my certificate authority if they can be kind enough to start the process of issuing keys/certificate again. I'll see their response on monday I guess. :( (european timezone, week end is starting here). – Nicocube Jul 27 '12 at 18:19
  • If you can regenerate the private key then you should not use that certificate in the first place. – Tie-fighter Jul 27 '12 at 18:22
  • Good thing I broke RSA last week – Shizzmo Jul 28 '12 at 17:35
2

(Just re-posting the answer I gave to the cross-posted question on SO, since it's now closed.)

Not really. The point of these protections is precisely to make it infeasible to recover the password.

If the password wasn't too long, you might try brute force...

Your best option is probably to contact your CA and ask them to re-issue a certificate with a new CSR. Some might allow re-keying without an extra fee during the certificate validity period.

Just in case, you could check whether the private key you've generated was encrypted. It depends on where it's stored. If it's in a PEM file that starts with -----BEGIN RSA PRIVATE KEY----- and contains the word ENCRYPTED after, it's a bad sign...

Community
  • 1
Bruno
  • 11,035
  • 2
  • 41
  • 62