본문 바로가기
조회 수 5614 추천 수 0 댓글 0
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print
?

단축키

Prev이전 문서

Next다음 문서

+ - Up Down Comment Print

http://stackoverflow.com/questions/4294689/how-to-generate-a-key-with-passphrase-from-the-command-line


If you don't use a passphrase, then the private key is not encrypted with any symmetric cipher - it is output completely unprotected.

You can generate a keypair, supplying the password on the command-line using an invocation like (in this case, the password is foobar):

openssl genrsa -aes128 -passout pass:foobar 2048

However, note that this passphrase could be grabbed by any other process running on the machine at the time, since command-line arguments are generally visible to all processes.

A better alternative is to write the passphrase into a temporary file that is protected with file permissions, and specify that:

openssl genrsa -aes128 -passout file:passphrase.txt 2048

Or supply the passphrase on standard input:

openssl genrsa -aes128 -passout stdin 2048

You can also used a named pipe with the file: option, or a file descriptor.


To then obtain the matching public key, you need to use openssl rsa, supplying the same passphrase with the -passin parameter as was used to encrypt the private key:

openssl rsa -passin file:passphrase.txt -pubout

(This expects the encrypted private key on standard input - you can instead read it from a file using -in <file>).


Example of creating a 2048-bit private and public key pair in files, with the private key pair encrypted with password foobar:

openssl genrsa -aes128 -passout pass:foobar -out privkey.pem 2048
openssl rsa -in privkey.pem -passin pass:foobar -pubout -out privkey.pub

Title
List of Articles
번호 제목 글쓴이 날짜 조회 수
448 How to install Java on linux with no Internet connectivity (using local repository) Hojung 2015.12.22 3752
447 How to install tcpreplay on CentOS 6.5 Hojung 2015.08.21 8492
446 Install et131x network interface driver in CentOS 6 (LW25-BDUO3) file Hojung 2015.07.03 4870
445 How to find CentOS and kernel version Hojung 2015.04.30 4270
444 MD5 Test Hojung 2015.04.01 4434
443 MAC times in Linux (atime, mtime, ctime, crtime, touch, stat, debugfs) Hojung 2015.01.13 5344
» How to generate a key with passphrase Hojung 2014.11.22 5614
441 Most Common OpenSSL Commands Hojung 2014.11.21 6056
440 How to use screen command Hojung 2014.11.17 4521
439 snorby (on testing) Hojung 2014.11.17 7237
438 APM (Apache + PHP + MySQL) with phpmyadmin in CentOS VM Hojung 2014.11.16 5402
437 10 Ways to Generate a Random Password from the Command Line Hojung 2014.11.16 4725
436 How to increase the size of a Linux LVM by adding a new disk file Hojung 2014.11.14 4934
435 Configuring logrotate for Rails logs file Hojung 2014.11.13 5385
434 Installing Splunk on CentOS file Hojung 2014.10.31 7240
433 Web performance test with ab (ruby web, dd, ab) file Hojung 2014.10.01 6235
432 Web performance test with Pylot (ruby web, dd, pylot) file Hojung 2014.10.01 5785
431 Install and Configure NTP to Synchronize The System Clock (ntpd, ntpdate) Hojung 2014.09.17 5300
430 How to disable IPv6 in CentOS 6 Hojung 2014.09.04 5425
429 IDS with snort in CentOS (Snort, Barnyard2) Hojung 2014.08.19 8802
Board Pagination ‹ Prev 1 2 3 4 5 6 7 8 9 10 ... 23 Next ›
/ 23

Designed by sketchbooks.co.kr / sketchbook5 board skin

나눔글꼴 설치 안내


이 PC에는 나눔글꼴이 설치되어 있지 않습니다.

이 사이트를 나눔글꼴로 보기 위해서는
나눔글꼴을 설치해야 합니다.

설치 취소

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5

Sketchbook5, 스케치북5