What's the purpose of a private key passphrase?
Sometimes, I see users use a private key and passphrase to log in.
So, does it mean t开发者_StackOverflow中文版he public key is stored on the log in server?
What's the purpose of the pass phrase?
Yes, the server stores the public key, and the client stores the private key. A security feature to prevent stolen private keys from being useful to the thief is to encrypt them. The passphrase allows you to decrypt the private key to use it. Without the passphrase, the key is useless.
You know whether a key is encrypted generally by looking at the PEM header surrounding it. For example, a DSA private key encrypted with 3DES in PEM format might look like this:
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BF6892D860EC969F
<encrypted key data here>
-----END DSA PRIVATE KEY-----
Whereas an unencrypted DSA private key in PEM format would not have a header saying it's encrypted:
-----BEGIN DSA PRIVATE KEY-----
<unencrypted key data here>
-----END DSA PRIVATE KEY-----
精彩评论