Openssl ECDSA : private key passphrase

security encryption openssl ecdsa
11,172

Solution 1

It would seem that ecparam doesn't have a built-in option for encrypting the generated key. Instead, you can simply do the following:

openssl ec -in myprivatekey.pem -out myprivatekey_encrypted.pem -aes256

Compared to genrsa, an extra step is required, but this basically does the same thing.

Now as far as the certificate request, the command is pretty much the same regardless of the type of private key used:

openssl req -new -sha256 -key myprivatekey.pem -out mycertrequest.pem

You can then take the resulting mycertrequest.pem and send it to a CA for signing.

Edit:

If you have concerns about writing the unencrypted private key to disk, you can do both the generation and encryption of the key in one step like so:

openssl ecparam -genkey -name secp256k1 | openssl ec -aes256 -out privatekey.pem

This generates a P-256 key, then prompts you for a passphrase. The key is then encrypted using AES256 and saved into privatekey.pem.

Solution 2

While ecparam doesn't have an option to encrypt the generated key, genpkey can generate ECC private keys and does have such an option:

openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:secp160k1 -aes-256-cbc -out myprivatekey_encrypted.pem

The -aes-256-cbc option specifies to encrypt it (with aes-256-cbc; other options are available for different types of encryption).

You can pass -passin pass:password or -passin file:mypassword.pass to specify the password on the commandline.

Share:
11,172
elpazio
Author by

elpazio

Updated on July 29, 2022

Comments

  • elpazio
    elpazio almost 2 years

    I am new with Openssl i have generated a private key myprivatekey.pem and a publickey mypublickey.pem with :

    openssl ecparam -genkey -name secp160k1 -noout -out myprivatekey.pem

    and my public key with :

    openssl -ec  -in myprivatekey.pem -pubout -out mypublickey.pem

    What i want to do next is to encrypte my ecdsa with a passphrase private key and make a certification request for my public key and thank you for your help.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Nodejs createCipher vs createCipheriv
OpenSSL and what encryption method to use
What is the best way to encrypt files in AES-256 with PHP?
How to list all openssl ciphers available in statically linked python releases?
How do you open an encrypted SQLITE db on the iPhone?
Check if Android filesystem is encrypted
Opening an RSA private key from Ruby
OpenSSL ECDSA sign and verify file
Encrypt and decrypt string with c++, Openssl and aes
Decrypt with the public key using openssl in commandline