In Splunk up to 4.1.2, Splunk password hashing is applied to both SSL cert passwords and user login passwords. The mechanism is more of a cipher than a key pair.
The secret used in this cipher is stored in $SPLUNK_HOME/etc/auth/splunk.secret. Thus your stored password data and this file must match.
After 4.1.2, the passwd file contains a traditional one-way hash of the password string, with salt, just as you would find in a Linux or OpenBSD system. SSL cert passwords and LDAP bind passwords are still ciphered as before.