## Table of Contents

Introduction

Definitions

Example Private & Public Keys

OpenSSH Public Keys

SSH-2 Public Keys

Examining OpenSSH Public Keys

## Introduction

There is a lot of confusion and inaccurate information on the Internet about Key Pairs and Private/Public keys. This article will help explain what they are and how they are used in the cloud world. After reading this article, you should know exactly what key pairs, private keys, public keys, certificates, PKCS #1, PKCS #8, etc. really are and how to use each one in different scenarios.

In its simplest form, a key pair is just three numbers: Modulus, Private Exponent and Public Exponent. That’s it. These three numbers are all that is required to perform asymmetric encryption and decryption. The different types of files are just different ways of encoding these three numbers.

The beginning of this article will be very technical and boring. However, having a good understanding of the technical details will help you to understand how to securely and safely use private and public keys when managing your cloud resources. This article will become more interesting as we will create private and public key pairs for making secure logins into our cloud resources.

Mostly, you only need to learn about PKCS #1 PEM files. We use these files for private and public keys for SSH access to your cloud instances. If you also need to manage SSL certificates, then understanding the additional formats will be required.

#### Download Git Repository

I have published the files for this article on GitHub.

License: MIT License

Clone my repository to your system:

1 |
git clone <a href="https://github.com/jhanley-com/Security---Key-Pairs-and-Private-Public-Keys.git">https://github.com/jhanley-com/Security---Key-Pairs-and-Private-Public-Keys.git</a> |

## Definitions

Let’s start by defining some terms that I will use below. I would like to give credit to Wikipedia for these definitions.

Term | Definition |
---|---|

PKI | Public Key Cryptography. Public-key cryptography, or asymmetric cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. This accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt the message encrypted with the public key. |

PKCS | In cryptography, PKCS stands for “Public Key Cryptography Standards”. These are a group of public-key cryptography standards devised and published by RSA Security Inc, starting in the early 1990s. The company published the standards to promote the use of the cryptography techniques to which they had patents, such as the RSA algorithm, the Schnorr signature algorithm and several others. Though not industry standards (because the company retained control over them), some of the standards in recent years have begun to move into the “standards-track” processes of relevant standards organizations such as the IETF and the PKIX working-group. |

RSA | RSA (Rivest-Shamir-Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private). In RSA, this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the “factoring problem”. The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978. Clifford Cocks, an English mathematician working for the British intelligence agency Government Communications Headquarters (GCHQ), had developed an equivalent system in 1973, but this was not declassified until 1997.
A user of RSA creates and then publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, and if the public key is large enough, only someone with knowledge of the prime numbers can decode the message feasibly. Breaking RSA encryption is known as the RSA problem. Whether it is as difficult as the factoring problem remains an open question. |

Private Key | A Private Key is a secret key, used in Asymmetric Encryption. It is mathematically equivalent to a Public Key, but is kept secret. This is one half of a matching key-pair. |

Public Key | A Public Key is a publicly distributed key, used in Asymmetric Encryption. It is mathematically equivalent to a Private Key, but is widely distributed. This is the other half of a matching key-pair. |

PKCS#1 | In cryptography, PKCS #1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography. It defines the mathematical properties of public and private keys, primitive operations for encryption and signatures, secure cryptographic schemes, and related ASN.1 syntax representations. |

PKCS#8 | In cryptography, PKCS #8 is a standard syntax for storing private key information. PKCS #8 is one of the family of standards called Public-Key Cryptography Standards (PKCS) created by RSA Laboratories. The latest version, 1.2, is available as RFC 5208. |

Base64 | Base64 is a group of similar binary-to-text encoding schemes that represent binary data in an ASCII string format by translating it into a radix-64 representation. The term Base64 originates from a specific MIME content transfer encoding. Each base64 digit represents exactly 6 bits of data. Three 8-bit bytes (i.e., a total of 24 bits) can therefore be represented by four 6-bit base64 digits. |

DER | DER (Distinguished Encoding Rules) is a restricted variant of BER for producing unequivocal transfer syntax for data structures described by ASN.1. Like CER, DER encodings are valid BER encodings. DER is the same thing as BER with all but one sender’s options removed. DER is a subset of BER providing for exactly one way to encode an ASN.1 value. DER is intended for situations when a unique encoding is needed, such as in cryptography, and ensures that a data structure that needs to be digitally signed produces a unique serialized representation. DER can be considered a canonical form of BER. For example, in BER a Boolean value of true can be encoded as any of 255 non-zero byte values, while in DER there is one way to encode a boolean value of true. |

ASN.1 | Abstract Syntax Notation One (ASN.1) is an interface description language for defining data structures that can be serialized and deserialized in a standard, cross-platform way. It is broadly used in telecommunications and computer networking, and especially in cryptography. |

PEM | PEM is a de facto file format for storing and sending cryptography keys, certificates, and other data, based on a set of 1993 IETF standards defining “privacy-enhanced mail.” While the original standards were never broadly adopted, and were supplanted by PGP and S/MIME, the textual encoding they defined became very popular. The PEM format was eventually formalized by the IETF in RFC 7468.
Many cryptography standards use ASN.1 to define their data structures, and Distinguished Encoding Rules (DER) to serialize those structures. Because DER produces binary output, it can be challenging to transmit the resulting files through systems, like electronic mail, that only support ASCII. The PEM format solves this problem by encoding the binary data using base64. PEM also defines a one-line header, consisting of “—–BEGIN “, a label, and “—–“, and a one-line footer, consisting of “—–END “, a label, and “—–“. The label determines the type of message encoded. Common labels include “CERTIFICATE”, “CERTIFICATE REQUEST”, and “PRIVATE KEY”. PEM data is commonly stored in files with a “.pem” suffix, a “.cer” or “.crt” suffix (for certificates), or a “.key” suffix (for public or private keys).[2] The label inside a PEM file represents the type of the data more accurately than the file suffix, since many different types of data can be saved in a “.pem” file. |

## Example Private & Public Keys

What is a Key Pair? A Key Pair is a PKCS#1 encoded private key that also contains the public key. A lot of information on the Internet mentions that the public key can be recreated from the private key. This is not correct. The public key is extracted from the private key by copying two values which are stored in the private key file: The Modulus and Public Exponent. The Modulus and Public Exponent are then written as a PKCS#1 encoded file.

A big source of confusion is caused by the fact that there is another common format: PKCS#8. This encoding wraps the ASN.1 portion of a PKCS#1 encoded private or public key within another encoding. This additional encoding includes additional information that describes the data that follows (the PKCS#1 information). You can create PKCS#1 from PKCS#8 by throwing away the PKCS#8 header SEQUENCE objects (unwrapping).

How do you determine if a private key file is PKCS#1 or PKCS#8? Simple, look at the file contents.

A PKCS#1 file has the text string “—–BEGIN RSA PRIVATE KEY—–” at the beginning of the file and the text string “—–END RSA PRIVATE KEY—–” at the end of the file. This is called wrapping the key.

A PKCS#8 file starts with the text string “—–BEGIN PRIVATE KEY—–” and ends with the text string “—–END PRIVATE KEY—–“. Notice that the word **RSA** is missing from PKCS#8.

The same style is used for the public key: “—–BEGIN RSA PUBLIC KEY—–” versus “—–BEGIN PUBLIC KEY—–“.

Here is an example PKCS#1 private key file:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
-----BEGIN RSA PRIVATE KEY----- MIIEpQIBAAKCAQEAwHoymP4LUWao6ji8emUxCIwBvl9ilIdGEDpKPhQ/44hzBxdu aGVlEqj1c+8UDgZnRZ/vG6j5x483Pn4qSQ7awPwV9PUDTNi0c5vfHT/z5MnqBTKG SzX/Da28Czs2QJEzMnrmWKkEZT6zbM4JWPwCudg636pts8O7ed1MeptW7ZpuAyXI o2hJH5FEB7b8h9VXLA8abmFJOIWssWHl8dozMKXGOCT+skYgDvgWzY4/HeMe80lm cxJHqnvvhH0r4Y18/rom0BUnXhC/EwNtjQO66mHJO/GhMq4aypGz8naAEoa0qH1t +xVoqF/Qa7TRyJF9/55V21H3PjlGdojllvwgiwIDAQABAoIBAQCIedzImFFkHXul 4CbcTkXvPn66Ap4+nJA0T3B3Bhqq9gRBwf56LXL2QTERTDMXIrk1KAr9vNmnA0hz mjfXZ536eoQDFXuKkJma46nW7pK75eN2XfXU/Gtlwot0Fz8Hly0LHROZR/ai50uH 2avNGZvBNK3CC/EPJrkW1rA0u1Ju0/diOSONQBxxgSG1JkyLjtMsDziUCLsX6TdW P6R2UVe9l7ofMvInJo45NQTbS5uWASaW/XC3RdyDX0UgYqZ6lyQBXdCq1NWVLeo9 8Mc68kOyCK4KaovsELh65t84gFUlKuznPN16N1cbyIaP7wPFyPrgtEvzpI/DUyqw OraXI9qRAoGBAN++za9tskzv4dSWyNmO+3uvrDj3Woe5dZWGKzq9Kza5S6so45Je cKKvzMmCeTo4itbpaNRg6G5nmMOul2QMM7X78LvPTCiPVlZ9WzlBVW12SwALsNB/ wg7hI0LeSYi8JZlImlEkg5IuhuKVxSfTwCDQznglrBBXaiqHVULIsR7TAoGBANw5 d2WJGQMO5GuRFLwUkgxj7e5doMK3P3jzrUv1xttJGz/AEW/5U89nHgv7Vgg1ffAf 2N7c+G2c+PkqSrwTZUyNjiKJ+s+3Uq6M4YqhI9h5AatXBcuAIW6FOEl+hljP0J19 7HwwNsQTNz9gy0oM5jTiyqlyD2ofTJgbLaBnmhRpAoGBAIGyE35+It2wK4LUiMZ7 uFEBCt7WmxaTrZIn/MUGxJbrH+6uPAQrVDUpnJauV+Ekx24+THLXXcQprwa3HLB0 1kDGMsxbJHVaaRyne4qb0Y4rBNyY6jxh4jZH0O3A9nUZQt4wlKs2dEH3UF7lnCwy 9WrQPu6sP6oVUcgnPIgC15DbAoGBANagTwOutKitV+KZl4qhxaC7t0QrDaUXMI3x doBkPPSz8BGWX6gwZwToK3lj7vm7IEzozNSOqLMzW9aB6CoaAQy1nMN+k+jicntZ I+qWlze+3uicvDITYwGyZiQCYm6lwlvrQJHb71PyolJrRFSb87OxH/A6EFnNvTk0 q6f7sEeZAoGANulEMg6Cvy1ILpINoAUEGimIroeAD0wSKAwcDwZGKc1pJBgeWeKC erZpD8wk/1xXtznVFbv+nHTbHEFYB66d/z22pUx0ARSxo/OTitVuRy8cIGFZn5Lp 6E48jL7KMRy2gcu7b+oi2ajOeEDquuKit22/1lr3STonnUXRfc9RatM= -----END RSA PRIVATE KEY----- |

Here is an example PKCS#1 public key file:

1 2 3 4 5 6 7 8 |
-----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAwHoymP4LUWao6ji8emUxCIwBvl9ilIdGEDpKPhQ/44hzBxduaGVl Eqj1c+8UDgZnRZ/vG6j5x483Pn4qSQ7awPwV9PUDTNi0c5vfHT/z5MnqBTKGSzX/ Da28Czs2QJEzMnrmWKkEZT6zbM4JWPwCudg636pts8O7ed1MeptW7ZpuAyXIo2hJ H5FEB7b8h9VXLA8abmFJOIWssWHl8dozMKXGOCT+skYgDvgWzY4/HeMe80lmcxJH qnvvhH0r4Y18/rom0BUnXhC/EwNtjQO66mHJO/GhMq4aypGz8naAEoa0qH1t+xVo qF/Qa7TRyJF9/55V21H3PjlGdojllvwgiwIDAQAB -----END RSA PUBLIC KEY----- |

The file contents between the wrapping (“—–BEGIN RSA PRIVATE KEY—–“) is a base64 encoding of the public or private key. A private key is an ASN.1 data structure, serialized to a byte string using DER, and base64 encoded. Sounds complicated and this is where some of the confusion arises. Note that the OpenSSH format does not use DER / ASN.1 encoding. Its format is much simpler (length preceded binary data).

A more accurate description: PEM DER ASN.1 PKCS#1 RSA Private Key

## OpenSSH Public Keys

There is another public key file encoding and that is the OpenSSH encoding. This encoding format is used by SSH servers within the authorized_keys file. Let’s start with this format as this is the simplest to understand and take apart.

Here is an example OpenSSH public key file (notice that it starts with **ssh-rsa**).

The public key is the same as the PKCS#1 public key just encoded

differently.

1 2 3 4 5 6 |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAejKY/gtRZqjqOLx6ZTEIjAG+ X2KUh0YQOko+FD/jiHMHF25oZWUSqPVz7xQOBmdFn+8bqPnHjzc+fipJDtrA/BX0 9QNM2LRzm98dP/PkyeoFMoZLNf8NrbwLOzZAkTMyeuZYqQRlPrNszglY/AK52Drf qm2zw7t53Ux6m1btmm4DJcijaEkfkUQHtvyH1VcsDxpuYUk4hayxYeXx2jMwpcY4 JP6yRiAO+BbNjj8d4x7zSWZzEkeqe++EfSvhjXz+uibQFSdeEL8TA22NA7rqYck7 8aEyrhrKkbPydoAShrSofW37FWioX9BrtNHIkX3/nlXbUfc+OUZ2iOWW/CCL |

## SSH-2 Public Keys

Now to really add to the confusion, there is another SSH format called SSH-2. This format is used by AWS. Notice the similarity with PKCS#1 with the BEGIN SSH header. Also, notice that the public key part is the same as OpenSSH (the part that begins with AAAAB3).

1 2 3 4 5 6 7 8 9 |
---- BEGIN SSH2 PUBLIC KEY ---- Comment: "2048-bit RSA, converted by john.hanley from OpenSSH " AAAAB3NzaC1yc2EAAAADAQABAAABAQDAejKY/gtRZqjqOLx6ZTEIjAG+X2KUh0YQOko+FD /jiHMHF25oZWUSqPVz7xQOBmdFn+8bqPnHjzc+fipJDtrA/BX09QNM2LRzm98dP/PkyeoF MoZLNf8NrbwLOzZAkTMyeuZYqQRlPrNszglY/AK52Drfqm2zw7t53Ux6m1btmm4DJcijaE kfkUQHtvyH1VcsDxpuYUk4hayxYeXx2jMwpcY4JP6yRiAO+BbNjj8d4x7zSWZzEkeqe++E fSvhjXz+uibQFSdeEL8TA22NA7rqYck78aEyrhrKkbPydoAShrSofW37FWioX9BrtNHIkX 3/nlXbUfc+OUZ2iOWW/CCL ---- END SSH2 PUBLIC KEY ---- |

## Examining OpenSSH Public Keys

Let’s take apart the OpenSSH public key. We will start by unpacking the two fields, base64 decode the public key back to binary and take apart the binary to see the Modulus and Public Exponent. We will do this in Python. The source code to this example (example1.py) and the private/public keys displayed above and in the repository.

The first step is to create the public and private keys that we will be examining. I wrote a Windows batch script to create the keys and set read-only permissions on the private key file. If you do not set the correct read-only permissions on the private key file, ssh-keygen.exe will complain and abort. ssh-keygen.exe insists on only supporting protected private key files.

The repository contains `make_keys.bat`

which includes enhanced versions that include error checking that I do not include below.

File make_keys.bat

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
REM Create an RSA 2048-bit private key openssl genrsa -out test1.pem 2048 REM Create an RSA Public Key from the Private Key (requires OpenSSL version 1.0.0 or newer) openssl rsa -in test1.pem -RSAPublicKey_out -out test1.pub REM ssh-keygen will complain and fail if the permissions for test1.pem are not set to read-only REM Disable inheritance on test1.pem icacls test1.pem /inheritance:d REM Delete "NT AUTHORITY\Authenticated Users" from having any rights icacls test1.pem /remove "NT AUTHORITY\Authenticated Users" REM Delete "BUILTIN\Users" from having any rights icacls test1.pem /remove "BUILTIN\Users" REM Grant Read-Only rights to me icacls test1.pem /GRANT:R "%USERNAME%:(R)" REM Create an OpenSSH Public Key from the Private Key ssh-keygen -y -f test1.pem > test1.pub.openssh REM Create an SSH-2 Public Key from the OpenSSH Public Key ssh-keygen -e -f test1.pub.openssh > test1.pub.ssh2 |

Executing make_keys.bat will create four files and set the correct permissions on the private key file. The repository includes the batch file make_keys_8.bat which will create PKCS #8 files from the PKCS #1 files. We will look at PKCS #8 later.

- test1.pem – This is the RSA private key – PKCS #1
- test1.pub – This is the RSA public key – PKCS #1
- test1.pem – This is the OpenSSH public key
- test1.pem – This is the SSH-2 public key

OpenSSL has an option to parse ASN.1 data structures. Let’s look at a simple example first, the public key, and then a complex example, the private key.

Execute the following command:

1 |
openssl asn1parse -in test1.pub |

The output will look like this:

1 2 3 |
0:d=0 hl=4 l= 266 cons: SEQUENCE 4:d=1 hl=4 l= 257 prim: INTEGER :C93A84A118AE198AADBBFB23D97FF406E346F9A9BE82CBA89ACB2AAE7EA7BA93BB70F36FB3A081843E6D888492ADD6DE67B385009F3040F0F8454B07F3224AC7C882D4E4032E05B9E0DEF5DE6AF9E62E2B730E6EE4BE900D8ACFF7FCE41487ECE97BF0595F3DAE44904B55ED9401CC269C09FBF35A72EEBC068FFF7B260294C8CF7E1E238F4FEE6F946B4F3F30FD80EC4266A9F7309C325CA907D978D1D2A25D760FA84EE7A6D99678A2E4B217F36EAA60B0326FDC54AEFD7CEF0FA53613821A915454C5EF8AAD483928993AB9747AF06974E34F331EF8DC655C381F8A5724A0970B0A1F888C8C98111AD1ECF97DC65695A62EBFC94EE4119D48FA9A7F47EA11 265:d=1 hl=2 l= 3 prim: INTEGER :010001 |

The Modulus is the long (2048-bit) number that starts with C93A.

The Public Exponent is 010001 (decimal 65537) which is the default used by openssl when creating private keys.

Another way to view the Modulus is to use this openssl command:

1 |
openssl rsa -RSAPublicKey_in -in test1.pub -modulus -noout |

Notice the same Modulus in the output.

1 |
Modulus=C93A84A118AE198AADBBFB23D97FF406E346F9A9BE82CBA89ACB2AAE7EA7BA93BB70F36FB3A081843E6D888492ADD6DE67B385009F3040F0F8454B07F3224AC7C882D4E4032E05B9E0DEF5DE6AF9E62E2B730E6EE4BE900D8ACFF7FCE41487ECE97BF0595F3DAE44904B55ED9401CC269C09FBF35A72EEBC068FFF7B260294C8CF7E1E238F4FEE6F946B4F3F30FD80EC4266A9F7309C325CA907D978D1D2A25D760FA84EE7A6D99678A2E4B217F36EAA60B0326FDC54AEFD7CEF0FA53613821A915454C5EF8AAD483928993AB9747AF06974E34F331EF8DC655C381F8A5724A0970B0A1F888C8C98111AD1ECF97DC65695A62EBFC94EE4119D48FA9A7F47EA11 |

Now let’s look at the private key test1.pem. Notice that you will find the same two numbers (Modulus and Public Exponent) in the private key data structures. Now you know for certain that the public key is stored in the PKCS #1 private key data structures.

Before looking at the ASN.1 decode of the private key, let’s review the ASN.1 syntax that defines the data is stored in a private key.

The ASN.1 syntax for the DER-encoded private key is described in RFC 3447 (aka PKCS #1):

1 2 3 4 5 6 7 8 9 10 11 12 |
RSAPrivateKey ::= SEQUENCE { version Version, modulus INTEGER, -- n publicExponent INTEGER, -- e privateExponent INTEGER, -- d prime1 INTEGER, -- p prime2 INTEGER, -- q exponent1 INTEGER, -- d mod (p-1) exponent2 INTEGER, -- d mod (q-1) coefficient INTEGER, -- (inverse of q) mod p otherPrimeInfos OtherPrimeInfos OPTIONAL } |

Only the modulus, publicExponent and privateExponent are required for asymmetric encryption and decryption. The other numbers are helpful for improving the performance of the algorithms.

Let’s define each number:

Term | Definition |
---|---|

modulus | The result of multiplying p (prime1) and q (prime2). Called n. Its length, expressed in bits, is the key length. |

publicExponent | The public exponent used for encryption and decryption. Called e. The public key consists of the modulus (n) and the public exponent (e). |

privateExponent | The private exponent used for encryption and decryption. Called d. The private key consists of the modulus (n) and the private exponent (d). |

prime1 | The first of two prime numbers that are multiplied together to produce the modulus. Called p. |

prime2 | The second of two prime numbers that are multiplied together to produce the modulus. Called q. |

exponent1 | A result stored to improve RSA performance. Refer to the Chinese Remainder Theorem. Calculated from d mod (p – 1). |

exponent2 | A result stored to improve RSA performance. Refer to the Chinese Remainder Theorem. Calculated from d mod (q – 1). |

coefficient | A result stored to improve RSA performance. Refer to the Chinese Remainder Theorem. Calculated from (inverse of q) mod p. |

otherPrimeInfos | Additional information that can be included. |

To see the ASN.1 output, execute the following command:

1 |
openssl asn1parse -in test1.pem |

Refer to the ASN.1 syntax and the table above to understand each number. The order of each number is defined in the ASN.1 syntax.

1 2 3 4 5 6 7 8 9 10 |
0:d=0 hl=4 l=1188 cons: SEQUENCE 4:d=1 hl=2 l= 1 prim: INTEGER :00 7:d=1 hl=4 l= 257 prim: INTEGER :C93A84A118AE198AADBBFB23D97FF406E346F9A9BE82CBA89ACB2AAE7EA7BA93BB70F36FB3A081843E6D888492ADD6DE67B385009F3040F0F8454B07F3224AC7C882D4E4032E05B9E0DEF5DE6AF9E62E2B730E6EE4BE900D8ACFF7FCE41487ECE97BF0595F3DAE44904B55ED9401CC269C09FBF35A72EEBC068FFF7B260294C8CF7E1E238F4FEE6F946B4F3F30FD80EC4266A9F7309C325CA907D978D1D2A25D760FA84EE7A6D99678A2E4B217F36EAA60B0326FDC54AEFD7CEF0FA53613821A915454C5EF8AAD483928993AB9747AF06974E34F331EF8DC655C381F8A5724A0970B0A1F888C8C98111AD1ECF97DC65695A62EBFC94EE4119D48FA9A7F47EA11 268:d=1 hl=2 l= 3 prim: INTEGER :010001 273:d=1 hl=4 l= 256 prim: INTEGER :31EF5290437698A20040E0AE61BFCDC793C8BE15B04FF6C7ED39B36ABFC551986D703708A613937044A99BB202501F3CEB90F1D558AB79C21269E7979E6F090D90A55EBD0248FE64C4F7AF1DB58033ED8B1CAF1D37A84E48FE0463AE9ECEB57845EC5A9562FC046DC13CE0A2E712971D91A52C9F93F76764C360226EE5DCC81CA7EE85C4C6ED1D8347B3820157E2823C031DFEF5D85296D3B95628A96197522FE87BB79AB69C2C18D218A6288C3DB40890942841AC86041BE68B2836D68BBBA63FD2F3253C5047BE04EFE3DC1F1C8144DC5C414FF1238D3272B873200707B5A99128DA6045B9557467FBA8C12473C0E9FD39B545082F212D9B02F55C87B82091 533:d=1 hl=3 l= 129 prim: INTEGER :F33621F64E89D082F3397A3D2A68FFBD83E9B338D8504F53E3864CD0D236716A85D59D4967A403374F990ECF8A78661A38198852A1176CBEAD8DB1F5175391F3ABB9D66B26254E921F038BDE3B682D2764091DF551E0717AD85AB47E1BD6BE6A3B1134DAFDEF577DB782442EBDF4312F48D56C309B3638A36AB555025589B54D 665:d=1 hl=3 l= 129 prim: INTEGER :D3CF411E65E8C1A89BBC5C1600CA2620822AE3422457ED32BC30673F1C4B9D7F3ED01E686E319BF8C6B206DA585D9BD58547043033FCC9D379D769D71D6F2AA996CCB56A2497B9B0E99DAA34FB76E9D290F31A861F1578693FE420B0764C30BC25A167F158ECD6F15E5D4EC7FD280F4F47D8935AF994BC8B9D6F6B9C95C7D5D5 797:d=1 hl=3 l= 129 prim: INTEGER :8EE4EA3555D5A0DD9F5BD0D72918C1D12E34DBA8F566D204DEB42463B86E665A88C18604FFD09C571DFC367877C9DF6B5E349A24BA23123041B5F3ADA583E347C048929327B9599D7E7D4DEB470A2125789FE6AB20ECF69F8F88536D989BA60AB2239CE361B902B589610F004B78B2812E90BE5D1C8451E8A9A45A8AE188E42D 929:d=1 hl=3 l= 129 prim: INTEGER :CEBDF0C0DC1619D91AD1FB4C5ACEF5F22B3BF3811EFA58037A9F005820A54A00E6EDBB90916688E88601452120B9961F0F2D2750699E27DDEC82AFC391EE6D450575A0EA0EF7ADFF99B814680CBFA031B0DC299A9A82997A9A2B7120ED072756AEA06255B847CCF1E1FACFA7F35983C00DCFBEDD40D9C643BC930205E0492355 1061:d=1 hl=3 l= 128 prim: INTEGER :05AA21317DF691FF9DBEF30007E4D4103C5D68E91470542469ED1B6BE314327EC40B129ADB5CB2A52A99D5DA2DE2A73A0DE4F738A3CB615762D7BD639692C2CE68CBF9B709EB02C274ACC8980F5A65EEB232638C91045DAA6C6BCE15E517994A860F291C68476909805B505906FED1C997D6A5F1819CA75F3609FF75B303BDD1 |

## Credits

I write free articles about technology. Recently, I learned about Pexels.com which provides free images. The image in this article is courtesy of Pixabay at Pexels.

I design software for enterprise-class systems and data centers. My background is 30+ years in storage (SCSI, FC, iSCSI, disk arrays, imaging) virtualization. 20+ years in identity, security, and forensics.

For the past 14+ years, I have been working in the cloud (AWS, Azure, Google, Alibaba, IBM, Oracle) designing hybrid and multi-cloud software solutions. I am an MVP/GDE with several.

## Leave a Reply