Understand public and private keys

Quick summary

Public and private keys come in pairs. What is encrypted by one, can be decrypted by the other.

When used for server access (i.e. through SSH or Putty), this makes encrypting passwords in transit superfluous. User keeps the private key, server gets the public version.

More info on WikiPedia.

Ways to create key pairs

With the labs, there are three main ways to generate a key pair. Check other learning units for details. Otherwise use your favorite search engine.

  1. AWS can generate them. To be used on Windows they need to be converted with Puttygen.
  2. On Windows, Puttygen can create them.
  3. On Linux/Max, ssh-keygen can be used. On this platform the private key should only be readable by the user (permission 600).

Note that Amazon Web Services will not store the private key after you have downloaded it (at least, that is what they say...).

File name conventions


Used by



Ssh_keygen (linux, mac)

Public key


Ssh_keygen (linux, mac)

Private key


Standard; created by AWS

Public and private key


Putty (Putty private key)

Public and private key

Advanced & Background

What is bad about AWS generated?

What is bad about server generated?

File name conventions: http://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file

Complete and Continue