automatic password entry with the dgst command

[Richard Andrus]

I've used openssl off and on for about a 18 months now, but I'm definitely
an OpenSSL beginner.

I'm digitally signing some documents like this :

openssl dgst -md5 -binary -sign privkey.pem -out sig.bin testdoc.txt
or alternatively
openssl md5 -binary -sign privkey.pem -out sig.bin testdoc.txt

When I do this, I get the
"Enter PEM pass phrase:"
prompt, and must interactively give the password
which decrypts the private key in the PEM file in
order to calculate the signature.

I would like to give the password to this command non-interactively.
Other commands in openssl have options like "passin" or "pass" which
enable this functionality. Unfortunately "dgst" doesn't have this option.

After searching the archives of this list, I found some posts which
made me think I could do it with the "echo" command and a pipe.

I tried some things like this :

echo mypassword | openssl md5 -sign privkey.pem -out sig.bin testdoc.txt
echo -n -e mypassword\r\n | openssl md5 -sign privkey.pem -out sig.bin testdoc.txt
echo -n -e \r\nmypassword\r\n | openssl md5 -sign privkey.pem -out sig.bin testdoc.txt
openssl md5 -sign -privkey.pem -out sig.bin testdoc.txt < echo mypassword
openssl md5 -sign -privkey.pem -out sig.bin testdoc.txt | echo mypassword

but none of them works.

After trying a lot more variations than these, it seems like it is
an "order of argument" processing problem.

I'm running OpenSSL under Cygwin on Windows2000 - but I am using
the unix-like version of  "echo". Does the OS have an impact on how
arguments are processed ?

The only other think I can think of doing is calculating the plain
hashes in a first pass, and then using "enc" to encrypt them in another
pass. What encryption algorithm is used when MD5 does a signing ?
I would really rather do it in one step, if possible.

Any suggestions for how to avoid the interactive password entry ?

Thanks
Richard
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]