How to identify passphrase-less ssh-keys?

[honk]

Hi,

given two ssh private key files (rsa or dsa), how can someone determine if this key is protected by a passphrase? I generated two different keys as a test (one with passphrase and one without) and can't figure out how to identify the passphrase-less key.

Thanks,
honk

 

[SirDice]

You can't. Not by looking at the keys at least.

 

[aragon]

You can't? Password protected private keys are encrypted, and they should begin with a header stating that fact.

Like mine:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED

 

[SirDice]

Hmm.. You're right.. But only on the private part.

Password protected private keys have:

-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,<code>

Passwordless private keys only have:

-----BEGIN DSA PRIVATE KEY-----