Generate private key encrypted with password using openssl
You can add the "passout" flag, for the "foobar" password it would be: -passout pass:foobar
In your first example it becomes: openssl genrsa -passout pass:foobar -out private.key 2048
You can also use: openssl genrsa -aes256 -out private.key 2048
This will ask you to enter a passphrase.
You can read more here: https://stackoverflow.com/questions/4294689/how-to-generate-an-openssl-key-using-a-passphrase-from-the-command-line
Author by
Dasha
Updated on September 18, 2022
Comments
-
Dasha over 1 year
I'm using openssl to sign files. It works, but I would like the private key file to be encrypted with a password. These are the commands I'm using; I would like to know the equivalent commands using a password:
----- EDITED -----
I put here the updated commands with password:
- Use the following command to generate your private key using the RSA algorithm:
  $ openssl genrsa -aes256 -passout pass:foobar -out private.key 2048
- Use the following command to extract your public key:
  $ openssl rsa -in private.key -passin pass:foobar -pubout -out public.key
- Use the following command to sign the file:
  $ openssl dgst -sha512 -sign private.key -passin pass:foobar -out signature.bin file.txt
- To verify the signature:
  $ openssl dgst -sha512 -verify public.key -signature signature.bin file.txt
-
Dasha over 4 years
If I use the password in the first command, I can still use the other commands without a password to generate the public key, sign the file and check the signature, and they work, so something is missing here
-
Saxtheowl over 4 years
You can try with -aes256 at the beginning, so your first command would be openssl genrsa -aes256 -out private.key 2048
-
Dasha over 4 years
It works now, I will update my question so others can use it
-
Kishan Kishore about 3 years
Only the second command
openssl genrsa -aes256 -out private.key 2048
triggers a passphrase prompt.
-
user1325696 almost 3 years
When I create using
openssl genrsa -passout pass:foobar -out private.key 2048
I can decrypt without using password foobar. Why is this?
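
Added example, not part of the original thread: a shell check that reads the PEM header lines to tell whether genrsa actually encrypted the key, which is the behaviour the last comments ask about (without a cipher option such as -aes256, the -passout password is not applied). The function names and the demo file names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): tell whether a PEM private key file
# is passphrase-encrypted by reading its header lines; no passphrase needed.

# Print "encrypted", "plaintext" or "unknown" for the PEM file named in $1.
pem_key_status() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted   # PKCS#8 encrypted container
    elif grep -q -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted   # traditional PEM encryption header
    elif grep -q -e '^-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1"; then
        echo plaintext   # key is only base64-encoded, readable by anyone
    else
        echo unknown     # not a private key format this check recognises
    fi
}

# Reproduce the thread with openssl (must be installed): the same genrsa
# command without and with -aes256, then classify both output files.
# pass:foobar is the thread's sample password; pass: is visible in the
# process list, and openssl also accepts env:VAR and file:PATH sources.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -passout pass:foobar \
        -out "$d/no_cipher.key" 2048 2>/dev/null
    openssl genrsa -aes256 -passout pass:foobar \
        -out "$d/aes256.key" 2048 2>/dev/null
    for f in no_cipher.key aes256.key; do
        printf '%s: %s\n' "$f" "$(pem_key_status "$d/$f")"
    done
    rm -rf "$d"
}

# "demo" runs the openssl comparison; any other arguments are key files.
case "${1:-}" in
    demo) demo ;;
    *)    for f in "$@"; do
              printf '%s: %s\n' "$f" "$(pem_key_status "$f")"
          done ;;
esac
```

Run it as `sh check_key.sh demo` to compare the two genrsa invocations, or pass existing key files as arguments to classify them.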