How do I add a website with a private key and a password?

February 9, 2021 in Website Backup

If you have an existing private key, there's a good chance it's encrypted. This means that when you connect to your website via SFTP, you have to enter a password to decrypt the key. You may have noticed that CodeGuard currently does not support adding a website with both a private key and a password. The rationale for only accepting unencrypted private keys is that CodeGuard performs its own key encryption after you have added your website.

If you have a website with an encrypted key, you can still add it to CodeGuard by simply decrypting the key prior to adding it. The steps below outline this process.

1. Determine the type of private key you have
There are many algorithms used for key-based authentication. Two of the most common are RSA and DSA. To determine which algorithm was used to generate your key, open your private key file, and look at the top or bottom. You should see lines that include the type of algorithm used to generate your key. For example, you might see "-----BEGIN RSA PRIVATE KEY-----". In this case, the algorithm that was used is RSA.

2. Decrypt the key using OpenSSL
Once you know which algorithm was used to generate your key, you can use OpenSSL to decrypt it. OpenSSL comes pre-installed on many OSX and Linux machines. You can also download OpenSSL for Windows on the OpenSSL website. The following OpenSSL command will generate a new decrypted private key based on the encrypted one.

openssl rsa -in encrypted_key_name -out decrypted_key_name

Simply replace "rsa" with the algorithm you found in step 1, "encrypted_key_name" with the path to your encrypted private key, and "decrypted_key_name" with the location to store the new decrypted key.

3. Add your website to CodeGuard using the decrypted private key
See our blog post on adding a website using key-based authentication for more information on key-based authentication and the complete steps necessary to add your website using a key.
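
Steps 1 and 2 as one script: an added example, not CodeGuard's own code, with hypothetical function names key_info and decrypt_key. It goes beyond the RSA/DSA case above by also recognising EC, PKCS#8 and OpenSSH-format headers, and it keeps the decrypted file readable by its owner only.

```shell
#!/bin/sh
# Added example, not CodeGuard's code; key_info and decrypt_key are hypothetical names.

# key_info FILE: print "<openssl-subcommand> <state>", e.g. "rsa encrypted".
key_info() {
    header=$(sed -n '/^-----BEGIN .*PRIVATE KEY-----/{p;q;}' "$1")
    case $header in
        *"BEGIN RSA PRIVATE KEY"*)       tool=rsa ;;
        *"BEGIN DSA PRIVATE KEY"*)       tool=dsa ;;
        *"BEGIN EC PRIVATE KEY"*)        tool=ec ;;
        # PKCS#8 states encryption in the header itself.
        *"BEGIN ENCRYPTED PRIVATE KEY"*) echo "pkey encrypted"; return 0 ;;
        *"BEGIN PRIVATE KEY"*)           echo "pkey plain"; return 0 ;;
        # OpenSSH's own format hides the cipher inside the base64 body.
        *"BEGIN OPENSSH PRIVATE KEY"*)   echo "openssh unknown"; return 0 ;;
        *)                               echo "unknown unknown"; return 1 ;;
    esac
    # Traditional PEM keys flag encryption with a Proc-Type header line.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo "$tool encrypted"
    else
        echo "$tool plain"
    fi
}

# decrypt_key IN OUT: write an unencrypted copy of IN to OUT, owner-only.
decrypt_key() {
    info=$(key_info "$1") || { echo "no private key header in $1" >&2; return 1; }
    tool=${info% *}
    state=${info#* }
    if [ "$tool" = openssh ]; then
        echo "OpenSSH-format key: openssl cannot read it;" \
             "remove the passphrase from a copy with ssh-keygen -p" >&2
        return 2
    fi
    if [ "$state" = plain ]; then
        echo "$1 is already unencrypted" >&2
        return 0
    fi
    # openssl prompts for the password, keeping it out of argv and shell
    # history. The subshell umask gives a newly created OUT no group/world access.
    ( umask 077 && openssl "$tool" -in "$1" -out "$2" )
}

# Usage: sh this_script encrypted_key_name decrypted_key_name
if [ "$#" -eq 2 ]; then
    decrypt_key "$1" "$2"
fi
```

Delete the decrypted copy from your machine once the website has been added, since anyone who can read that file can use the key without a password.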