[openssl-users] Need help encrypting my ca.key

Viktor Dukhovni openssl-users at dukhovni.org
Tue Jan 6 02:48:13 UTC 2015

On Mon, Jan 05, 2015 at 08:37:24PM -0600, jack seth wrote:
> I must be doing something wrong but I can't figure out what it is.  I am trying to encrypt my private ca key with this command
> openssl rsa -in ca.key -out caencrypted.key -aes256
> This works fine but the problem is I don't get the original key back when I decrypt it using this command
> openssl rsa -in caencrypted.key -out catest.key
> catest.key doesn't have the same characters in it as ca.key when looking at them in a text editor.   What am I missing here? 		 	   		  

There are multiple possible key formats for the same key. Instead
compare the outputs of:

    $ umask 077
    $ openssl rsa -in ca.key -noout -text > txt1
    $ openssl rsa -in catest.key -noout -text > txt2
    $ diff txt1 txt2


More information about the openssl-users mailing list