Norberto Silva wrote:
> Hi,
>
> I am in the process of trying to automate the generation of RSA private
> keys using openssl genrsa.
> In particular, I am trying to redirect user input via a temporary file
> containing the pass phrase (and, of course,
> a confirming pass phrase on the next line). In other words I have a file
> phrase.inp with the first two lines
> containing (pass phrase is "secret"):
>
> secret
> secret
>
> Then I want to automate the generation of the rsa key via the command
>
> openssl genrsa -des3 -out myKey.key 1024 < phrase.inp
>
> The problem I encounter is that genrsa is still prompting the user
> rather than taking the contents of
> phrase.inp as input. Is there any way around this?
>
> Norberto
The PEM routines take a callback to read the password. I modified req.c
(rsa.c looks to be very similar) to take a -p flag to set the password with
the following snippets:
    char *pwd=(char *)0;
    pem_password_cb *pwd_cb = (pem_password_cb *)0;
    ...
    else if (strcmp(*argv,"-p") == 0)
        {
        if (--argc < 1) goto bad;
        pwd = *(++argv);
        pwd_cb = read_password_callback;
        }
    ...
    if (!PEM_write_bio_PrivateKey(out,pkey,cipher,
            NULL,0,pwd_cb,(void *)pwd))
        {
        if ((ERR_GET_REASON(ERR_peek_error()) ==
                PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3))
            {
            ERR_clear_error();
            i++;
            goto loop;
            }
        goto end;
        }
Which worked fine, but then I abandoned it and decided just to generate the
keys in unencrypted form (e.g. no password requested) via:

    openssl genrsa -out CA/private/CAkey.pem 1024

- Rod
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
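
The reply above passes read_password_callback to PEM_write_bio_PrivateKey but does not show it. As an added example (not code from the post or from OpenSSL), here is one way to write a callback of that shape that reads the pass phrase from the first line of a file such as phrase.inp, so the secret does not have to appear on the command line. The names file_password_callback, demo and phrase.inp.demo are hypothetical; the callback returns -1 on error, which the PEM routines treat as a failed pass phrase read.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical callback (not from the post) with the pem_password_cb shape:
 * u is the path of a file whose first line is the pass phrase.
 * Returns the pass phrase length, or -1 on error. */
int file_password_callback(char *buf, int size, int rwflag, void *u)
{
    char line[1026];                 /* 1024 chars + newline + NUL */
    int rc = -1;
    FILE *fp;

    (void)rwflag;                    /* a file needs no confirmation prompt */
    if (buf == NULL || size <= 0 || u == NULL)
        return -1;
    if ((fp = fopen((const char *)u, "r")) == NULL)
        return -1;
    if (fgets(line, sizeof(line), fp) != NULL) {
        size_t len = strcspn(line, "\r\n"); /* drop the line terminator */
        /* Refuse empty or over-long lines rather than truncate them. */
        if (len > 0 && len < sizeof(line) - 1 && len < (size_t)size) {
            memcpy(buf, line, len);
            buf[len] = '\0';
            rc = (int)len;
        }
    }
    fclose(fp);
    memset(line, 0, sizeof(line));   /* with libcrypto, use OPENSSL_cleanse */
    return rc;
}

/* Writes a constructed pass phrase file, runs the callback on it, removes it. */
int demo(const char *contents, char *out, int outsize)
{
    const char *path = "phrase.inp.demo";  /* constructed sample file */
    FILE *fp = fopen(path, "w");
    int rc = -2;                           /* -2: could not create the file */
    if (fp != NULL) {
        fputs(contents, fp);
        fclose(fp);
        rc = file_password_callback(out, outsize, 1, (void *)path);
        remove(path);
    }
    return rc;
}
int main(void)
{
    char buf[1024];
    printf("callback returned %d\n", demo("secret\nsecret\n", buf, (int)sizeof(buf)));
    return 0;
}
```

With OpenSSL linked, the callback would go where the snippet passes pwd_cb, with the file path as the final argument in place of pwd.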