본문 바로가기
조회 수 6151 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print

http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line


If you don't use a passphrase, then the private key is not encrypted with any symmetric cipher - it is output completely unprotected.

You can generate a keypair, supplying the password on the command-line using an invocation like (in this case, the password is foobar):

openssl genrsa -aes128 -passout pass:foobar 2048

However, note that this passphrase could be grabbed by any other process running on the machine at the time, since command-line arguments are generally visible to all processes.

A better alternative is to write the passphrase into a temporary file that is protected with file permissions, and specify that:

openssl genrsa -aes128 -passout file:passphrase.txt 2048

Or supply the passphrase on standard input:

openssl genrsa -aes128 -passout stdin 2048

You can also used a named pipe with the file: option, or a file descriptor.


To then obtain the matching public key, you need to use openssl rsa, supplying the same passphrase with the -passin parameter as was used to encrypt the private key:

openssl rsa -passin file:passphrase.txt -pubout

(This expects the encrypted private key on standard input - you can instead read it from a file using -in <file>).


Example of creating a 2048-bit private and public key pair in files, with the private key pair encrypted with password foobar:

openssl genrsa -aes128 -passout pass:foobar -out privkey.pem 2048
openssl rsa -in privkey.pem -passin pass:foobar -pubout -out privkey.pub

Title
List of Articles
번호 제목 글쓴이 날짜 조회 수
8 Most Common OpenSSL Commands Hojung 2014.11.21 6779
» How to generate a key with passphrase Hojung 2014.11.22 6151
6 MAC times in Linux (atime, mtime, ctime, crtime, touch, stat, debugfs) Hojung 2015.01.13 6164
5 MD5 Test Hojung 2015.04.01 5081
4 How to find CentOS and kernel version Hojung 2015.04.30 4940
3 Install et131x network interface driver in CentOS 6 (LW25-BDUO3) file Hojung 2015.07.03 5622
2 How to install tcpreplay on CentOS 6.5 Hojung 2015.08.21 9927
1 How to install Java on linux with no Internet connectivity (using local repository) Hojung 2015.12.22 4652
Board Pagination ‹ Prev 1 ... 14 15 16 17 18 19 20 21 22 23 Next ›
/ 23

Designed by sketchbooks.co.kr / sketchbook5 board skin

나눔글꼴 설치 안내


이 PC에는 나눔글꼴이 설치되어 있지 않습니다.

이 사이트를 나눔글꼴로 보기 위해서는
나눔글꼴을 설치해야 합니다.

설치 취소

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5