User Tools

Site Tools


howtos:encrypt_a_private_key

If you have a private key that is not encrypted (for example, it was created with the “-nodes” command line option), you can encrypt the private key with a password. A typical openssl command and resulting interactive session is shown here:

  > openssl rsa -des3 -in hostkeyNOPASSWORD.pem -out hostkeySECURE.pem
  writing RSA key
  Enter PEM pass phrase:
  Verifying - Enter PEM pass phrase:
  >

Here's an explanation of the command line options:

  • -des3 - encrypt the private key with the triple DES cipher before outputting it. The passphrase you enter must be at least four characters long.
  • -in hostkeyNOPASSWORD.pem - read in the unencrypted private key from the file hostkeyNOPASSWORD.pem.
  • -out hostkeySECURE.pem - write out the encrypted private key to the file hostkeySECURE.pem.
howtos/encrypt_a_private_key.txt · Last modified: d/m/Y H:i (external edit)