ECC keypair generation with password

Viktor Dukhovni openssl-users at dukhovni.org
Mon Mar 25 18:37:55 UTC 2019


> On Mar 25, 2019, at 1:53 PM, Kenneth Goldman <kgoldman at us.ibm.com> wrote:
> 
> 
>     $ openssl ec -aes128 <<EOF
> 
> This was the piece I was missing.  Thanks.
> 
> In the script, I used this:
> 
>     openssl ec -aes128 -passout pass:rrrr -in tmpecprivkeydec.pem -out tmpecprivkey.pem

I try to avoid putting sensitive information in command-line arguments.

If you're using "bash" (which has "printf" as a built-in) you could use:

	-passout file:<(printf "rrrr\n")

which does not create any processes with the password in the argument vector.
Example:

$ openssl enc -aes128 -pass file:<(printf "rrrr\n") <<EOF | openssl enc -d -aes128 -pass file:<(printf "rrrr\n")
> foobar
> EOF
foobar

-- 
	Viktor.



More information about the openssl-users mailing list