# How to identify passphrase-less ssh-keys?



## honk (Aug 3, 2009)

Hi,

given two ssh private key files (rsa or dsa), how can someone determine if this key is protected by a passphrase? I generated two different keys as a test (one with passphrase and one without) and can't figure out how to identify the passphrase-less key.

Thanks,
honk


----------



## SirDice (Aug 4, 2009)

You can't. Not by looking at the keys at least.


----------



## aragon (Aug 4, 2009)

You can't?  Password protected private keys are encrypted, and they should begin with a header stating that fact.

Like mine:


```
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
```


----------



## SirDice (Aug 4, 2009)

Hmm.. You're right.. But only on the private part.

Password protected private keys have:

```
-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,<code>
```

Passwordless private keys only have:

```
-----BEGIN DSA PRIVATE KEY-----
```


----------

