[openssl-users] Generate ECC key with password protection
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Jan 13 14:44:57 UTC 2017
On Fri, Jan 13, 2017 at 09:32:01AM -0500, Ken Goldman wrote:
> > The "aes-256-cbc" argument is wrong. Try "-aes256".
>
> BTW, I got aes-256-cbc from
>
> https://wiki.openssl.org/index.php/Command_Line_Elliptic_Curve_Operations
>
> and > openssl list-cipher-commands
When cipher names are used as options, they need a leading "-".
> > Also, take a look at test/certs/mkcert.sh:
>
> I looked at that, but what is $bits?
The curve name.
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
You're sure fond of leaving off the leading "-" in option names.
You'll also really want the "ec_param_enc" option when you get
the rest of the syntax right.
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr -aes256
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 pkeyopt
> ec_param_enc:named_curve -text
So this one is much closer, but now has two missing "-"s in "pkeyopt".
--
Viktor.
More information about the openssl-users
mailing list