When generating a key with openssl one can choose to encrypt the generated key using a password.
openssl genpkey -algorithm rsa -out rsa.key -aes-128-cbc
In this example AES 128 in CBC mode is used to encrypt the generated key in the file 'rsa.key'.
If one wants to use the key with openssl one has to provide the password.
openssl pkcs8 -in rsa.key
Enter Password:
Somehow openssl detects the key encryption algorithm. Is it possible with openssl to print out the encryption algorithm used for an encrypted key?
pkey
(in 1.0.0 up, andpkcs12 (import)
) andpkcs8
can create pkcs8-encrypted for an existing key.rsa dsa ec
can convert to OpenSSL's 'legacy' PEM encryption, which is not nearly as good; see many existing Qs. Also answered by, though not quite a dupe of, security.stackexchange.com/questions/58425/…