Removing the passpharse from key file using openssl API's

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Removing the passpharse from key file using openssl API's

Manoj
Hi,

I am creating an EVP_PKEY using functions EVP_PKEY_new() and then RSA_generate_key_ex()
and then wrtting the obtained key to file using function PEM_write_PrivateKey().
As the writing of key to file required a passpharse, which is passed as argument to PEM_write_PrivateKey().

But I want to remove this passpharse from file so that it not required to provided during SSL_CTX_use_PrivateKey_file() or SSL connection.

I know that I can change the file using command openssl rsa -in privkey.pem -out privatekey.pem

But I want some programtic(i.e C program/API) way so that there is no requirement of password during key file loading and ssl connection setup.

Regards
Manoj


Reply | Threaded
Open this post in threaded view
|

RE: Removing the passpharse from key file using openssl API's

Dave Thompson-5
> From: owner-openssl-users On Behalf Of Manoj
> Sent: Tuesday, December 10, 2013 08:31

> I am creating an EVP_PKEY using functions EVP_PKEY_new() and then
> RSA_generate_key_ex()
> and then wrtting the obtained key to file using function
> PEM_write_PrivateKey().
> As the writing of key to file required a passpharse, which is passed as
> argument to PEM_write_PrivateKey().
>
> But I want to remove this passpharse from file so that it not required to
> provided during SSL_CTX_use_PrivateKey_file() or SSL connection.
>
As the man page tells you, if the cipher argument to write_PrivateKey
is null it does not encrypt. (Also write_{PKCS8,RSA,DSA,EC}PrivateKey.)

Make sure to protect the resulting file from unauthorized access or copying.

BTW one slightly outdated bit: since I believe 1.0.0 the "plain"
PEM_write_PrivateKey defaults to PKCS8 format, same as
write_PKCS8PrivateKey, no longer the "traditional" formats,
which are still available under their specific names.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]