On Thu, Dec 06, 2012, Christian Hohnstaedt wrote:

> On Wed, Dec 05, 2012 at 10:38:59AM -0800, Alex Chen wrote:
> > I am trying to change the password of a private key with 'openssl rsa' 
> > command.  The original key file, server.key.enc has the following format:
> > -----BEGIN ENCRYPTED PRIVATE KEY-----
> > ....
> > -----END ENCRYPTED PRIVATE KEY-----
> 
> This is a private key in PKCS#8 format.
> 
> > 
> > When I used the command "openssl rsa -in server.key.enc -passin 
> > pass:old_password -out server.key", a new decrypted key file is 
> > generated with the following format:
> > -----BEGIN RSA PRIVATE KEY-----
> > ...
> > -----END RSA PRIVATE KEY-----
> > 
> > But when I use the command "openssl rsa -in server.key.enc -passin 
> > pass:old_password -out server.key -passout pass:new_password", hoping 
> > the new key file will be encrypted with the new password, I still get 
> > the same decrypted key file below
> > -----BEGIN RSA PRIVATE KEY-----
> > ...
> > -----END RSA PRIVATE KEY-----
> 
> You must use one of the -des, -aes128, -aes192, -aes256 options
> to get an encrypted RSA key. It then looks like:
> 
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,B9A804CC6B6B2B3B
> 
> fpz9643saAI47PWga4Or3xcBY372owuck/9jGO19rBbrfW6NSyUvJevHRWvcHNGM
> .....
> -----END RSA PRIVATE KEY-----
> 
> However, this format is an OpenSSL-specific extension.
> To get the key in the same format (PKCS#8) as before,
> just with a changed password, use:
> 
> openssl pkcs8 -topk8 -in server.key.enc -passin pass:old_password \
>   -out server.key -passout pass:new_password
> 

In OpenSSL 1.0.0 and later it's rather easier. You can for example:

openssl pkey -in old.pem -out new.pem -aes256

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
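
The pitfall in this thread (a `-passout` that still leaves the key unencrypted when no cipher option is given) can be caught by checking the output file's PEM armor before relying on it. The following is an added example, not part of any poster's message; the function names `pem_key_state` and `key_is_encrypted` are hypothetical, and the sample key body is a constructed placeholder, not a real key.

```shell
#!/bin/sh
# Added example (not from the thread): report how a PEM private key file is
# protected, judged only from its armor line and its Proc-Type/DEK-Info headers.

# Prints: pkcs8-encrypted | pkcs8-plaintext | traditional-encrypted:<cipher>
#         | traditional-plaintext | unknown
pem_key_state() {
    # First BEGIN line, with any CR from CRLF files removed.
    begin=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN .*PRIVATE KEY-----$/{p;q;}')
    case $begin in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8-plaintext ;;
        '-----BEGIN '*' PRIVATE KEY-----')
            # Traditional format: encryption is signalled by header lines.
            if tr -d '\r' < "$1" | grep -q '^Proc-Type: 4,ENCRYPTED$'; then
                cipher=$(tr -d '\r' < "$1" |
                    sed -n 's/^DEK-Info: \([^,]*\),.*$/\1/p' | sed -n 1p)
                echo "traditional-encrypted:${cipher:-unknown}"
            else
                echo traditional-plaintext
            fi ;;
        *) echo unknown ;;
    esac
}

# Succeeds only when the file holds an encrypted key; use it as a gate
# before deleting the old key file or deploying the new one.
key_is_encrypted() {
    case $(pem_key_state "$1") in
        pkcs8-encrypted|traditional-encrypted:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: armor only, the body is a placeholder and not a real key.
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTEDBODY' \
    '-----END RSA PRIVATE KEY-----' > "$demo"
if key_is_encrypted "$demo"; then
    echo "ok: $(pem_key_state "$demo")"
else
    echo "refusing: $(pem_key_state "$demo")"
fi
rm -f "$demo"
```

The check reads only the armor and header lines, so it confirms that the file is in an encrypted format, not that the new password opens it.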
