Posted on December 26, 2008 at 1:31am EST. More.

Which RSA key goes with which?

I had a set of keys in my Mac OS X Keychain and no clue which public key and private key belonged together. This is how I figured out if a specific public key A paired with a private key B.

Export public key A to file A.pem, then find its modulus:

cat A.pem | sed 's/RSA //' | openssl rsa -noout -modulus -pubin > A.mod
Export private key B to file B.p12, then find its modulus:
openssl pkcs12 -nodes < B.p12 | openssl rsa -noout -modulus > B.mod
If A.mod and B.mod are identical, the keys are a pair.

You could also extract a public key from the private key file, and compare the extracted public key to the exported public key. In other words:

openssl pkcs12 -nodes < B.p12 | openssl rsa -pubout > B.pem
Again, if A.pem and B.pem match, the keys are a pair.