What does openssl rsa -passin pass:xxx without other important commands do?
The first one generate a RSA key encrypted using des3 with pass 123. What about the second one? Does it remove the password?
Yes, that is what is happening. The normal form for removing a passphrase from an encrypted private key is:
rsa -in some.key -out some.key
This prompts the user for the passphrase at the command line.
The use of -passin stems from the fact (as noted) the key was encrypted in the first step and whomever wrote the command wanted the passphrase supplied automatically (with no prompting).
Specifically, -passin indicates "the input file password source", which can be a password, a file or other arguments.
Related videos on Youtube
user217354
Updated on September 18, 2022Comments
-
user217354 over 1 year
It is not clear to me what the second command does
openssl genrsa -des3 -passout pass:123 -out private/server.key 2048 openssl rsa -passin pass:123 -in private/server.key -out private/server.key
The first one generate a RSA key encrypted using des3 with pass 123. What about the second one? Does it remove the password?
Thank you,
-
user217354 over 6 yearsSo do you think it is trying to re-encrypt the key or is it a convenient way to avoid user input during the process? How can RSA cmd removes the pw without asking it?
-
Anaksunaman over 6 yearsApologies. The answer erroneously gave partially incorrect information. There are no passphrases for non-encrypted private keys. The usage is for convenience, as you surmised. Normally, passphrases are prompted for at the command line after running the initial command listed (which then unencrypts the private key assuming the passwords match).