[openssl-users] problem with -aes256 and -outform der in cmmand

Robert Moskowitz rgm at htt-consult.com
Mon Aug 21 15:40:06 UTC 2017


If I use format=pem in the following:

openssl genpkey -outform $format -aes256 -algorithm ec -pkeyopt 
ec_paramgen_curve:prime256v1 \
     -pkeyopt ec_param_enc:named_curve -out private/ca.key.$format

the private key is password protected.

But if I use format=der

I do not get prompted for the password.

The pem file is 379 bytes and the der is 121, but that is not a valid 
comparison as der is not encrypted...

Is this a bug?  Or a feature?

Bob



More information about the openssl-users mailing list