What does openssl rsa -passin pass:xxx without other important commands do?

It is not clear to me what the second command does

openssl genrsa -des3 -passout pass:123 -out private/server.key 2048
openssl rsa -passin pass:123 -in private/server.key -out private/server.key

The first one generate a RSA key encrypted using des3 with pass 123. What about the second one? Does it remove the password?

Thank you,

1 Answer

The first one generate a RSA key encrypted using des3 with pass 123. What about the second one? Does it remove the password?

Yes, that is what is happening. The normal form for removing a passphrase from an encrypted private key is:

rsa -in some.key -out some.key

This prompts the user for the passphrase at the command line.

The use of -passin stems from the fact (as noted) the key was encrypted in the first step and whomever wrote the command wanted the passphrase supplied automatically (with no prompting).

Specifically, -passin indicates "the input file password source", which can be a password, a file or other arguments.

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy