> On Jan 12, 2017, at 5:34 PM, Ken Goldman <kgold...@us.ibm.com> wrote:
>
>>> Is there a openssl command that can generate an ECC key pair where the
>>> output file is password protected?
>> openssl genpkey
>
> My latest attempt is this. It gives me a usage error. Any hints?
>
> openssl genpkey -out cakeyecc.pem -outform pem -pass pass:rrrr aes-256-cbc
> -algorithm ec pkeyopt ec_paramgen_curve:prime256v1 -text
The "aes-256-cbc" argument is wrong. Try "-aes256".
Also, take a look at test/certs/mkcert.sh:
key() {
local key=$1; shift
local alg=rsa
if [ -n "$OPENSSL_KEYALG" ]; then
alg=$OPENSSL_KEYALG
fi
local bits=2048
if [ -n "$OPENSSL_KEYBITS" ]; then
bits=$OPENSSL_KEYBITS
fi
if [ ! -f "${key}.pem" ]; then
args=(-algorithm "$alg")
case $alg in
rsa) args=("${args[@]}" -pkeyopt rsa_keygen_bits:$bits );;
ec) args=("${args[@]}" -pkeyopt "ec_paramgen_curve:$bits")
args=("${args[@]}" -pkeyopt ec_param_enc:named_curve);;
*) printf "Unsupported key algorithm: %s\n" "$alg" >&2; return 1;;
esac
stderr_onerror \
openssl genpkey "${args[@]}" -out "${key}.pem"
fi
}
--
Viktor.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
