How to generate an openSSL key using a passphrase from the command line?

后端未结

关注

 2  1706

终归单人心 2020-11-29 15:30

First - what happens if I don\'t give a passphrase? Is some sort of pseudo random phrase used? I\'m just looking for something \"good enough\" to keep casual hackers at bay

2条回答

盖世英雄少女心 (楼主)

2020-11-29 16:11
genrsa has been replaced by genpkey & when run manually in a terminal it will prompt for a password:
```
openssl genpkey -aes-256-cbc -algorithm RSA -out /etc/ssl/private/key.pem -pkeyopt rsa_keygen_bits:4096
```
However when run from a script the command will not ask for a password so to avoid the password being viewable as a process use a function in a shell script:
```
get_passwd() {
    local passwd=
    echo -ne "Enter passwd for private key: ? "; read -s passwd
    openssl genpkey -aes-256-cbc -pass pass:$passwd -algorithm RSA -out $PRIV_KEY -pkeyopt rsa_keygen_bits:$PRIV_KEYSIZE
}
```
0 讨论(0)

查看其它2个回答
发布评论:

提交评论
- 加载中...