How to generate an openSSL key using a passphrase from the command line?

Question

First - what happens if I don't give a passphrase? Is some sort of pseudo random phrase used? I'm just looking for something "good enough" to keep casual hackers at bay.

Second - how do I generate a key pair from the command line, supplying the passphrase on the command line?

I finally got it working using these commands, using exec() which it is generally reckoned not safe to use, being better to give the PassPhrase in a file. I can accept this risk as I am sure that the PHP will only ever be executed on my PC (which runs windows & doesn't have a PS command).

openssl genrsa -aes128 -passout pass:foobar -out privkey.pem 2048
openssl rsa -in privkey.pem -passin pass:foobar -pubout -out privkey.pub

Many many thanks to @caf, without whom this would not have been possible.

Only one regret - that, no matter how much I Google, no one can seem to get openssl_pkey_new() working with Xampp on Windows (which is the proper way to generate a key pair)

why is `openssl_pkey_new()` ... the "proper" way to generate a key pair? — Jake Berger, May 18 '14 at 00:39
Windows doesn't (normally) have `ps` but since Vista it has `wmic process get commandline` — dave_thompson_085, Mar 22 '20 at 18:07
Ah, Vista. Also know as "the only way from here is up Windows" ;-) — Mawg says reinstate Monica, Feb 15 '21 at 09:33
And, since I am waxing nostalgic on Redmond products, a few decades (AKA the blink of an eye) ago, there were 3 Widows editions available : [CE](https://en.wikipedia.org/wiki/Windows_Embedded_Compact), [ME](https://en.wikipedia.org/wiki/Windows_Me) and [NT](https://en.wikipedia.org/wiki/Windows_NT), thus offering us Widows CE ME NT. Fun fact/pop quiz: : CE was actually "Embedded Compact", so why, oh why, did they not title it Windows EC? — Mawg says reinstate Monica, Feb 15 '21 at 09:38
Tracing the output at https://lapo.it/asn1js/ shows all key readable without password. Then what should the password have protected? — Sam Ginrich, Jan 01 '22 at 19:23

caf · Accepted Answer · 2017-03-14T03:13:19.390

275

If you don't use a passphrase, then the private key is not encrypted with any symmetric cipher - it is output completely unprotected.

You can generate a keypair, supplying the password on the command-line using an invocation like (in this case, the password is foobar):

openssl genrsa -aes128 -passout pass:foobar 3072

However, note that this passphrase could be grabbed by any other process running on the machine at the time, since command-line arguments are generally visible to all processes.

A better alternative is to write the passphrase into a temporary file that is protected with file permissions, and specify that:

openssl genrsa -aes128 -passout file:passphrase.txt 3072

Or supply the passphrase on standard input:

openssl genrsa -aes128 -passout stdin 3072

You can also used a named pipe with the file: option, or a file descriptor.

To then obtain the matching public key, you need to use openssl rsa, supplying the same passphrase with the -passin parameter as was used to encrypt the private key:

openssl rsa -passin file:passphrase.txt -pubout

(This expects the encrypted private key on standard input - you can instead read it from a file using -in <file>).

Example of creating a 3072-bit private and public key pair in files, with the private key pair encrypted with password foobar:

openssl genrsa -aes128 -passout pass:foobar -out privkey.pem 3072
openssl rsa -in privkey.pem -passin pass:foobar -pubout -out privkey.pub

edited Mar 14 '17 at 03:13

answered Nov 29 '10 at 02:30

caf

233,326
40
323
462

+1 Great, that works! Thanks, if you can just help a teensy bit more then you get awarded the answer ... why won't this work? openssl rsa -in privkey.pem -pubout -passout pass:foobar -out pubkey.pem – Mawg says reinstate Monica Nov 29 '10 at 07:17
or, to put it another way - how to the public key from your command (which differed slightly from mine). I just need a matched pair. This is only "just good enough" security. – Mawg says reinstate Monica Nov 29 '10 at 07:19
4

@Mawg: Your `openssl` command is outputting the public key corresponding to the supplied private key - public keys aren't encrypted (they're not secret), so using `-passout` makes no sense. You probably want to use `-passin` there, to supply the passphrase that was used to encrypt the private key in the first step. I've also added something to the answer. – caf Nov 30 '10 at 00:07
@caf, thanks for the great feedback (+1 again). However, I am apparently too dumb to be allowed to use OpenSSL. I want the key in a file and, for some reason, `openssl genrsa 2048 -aes128 -passout pass:foobar -out privkey.pem` doesn't do that. Can you please give me two commands - one to generate the private key into a file an a second to generate the public key (also in a file)? Sorry to be such a nuisance, but I have been playing around with it & just can't make it work :-( – Mawg says reinstate Monica Nov 30 '10 at 01:37
and why -aes128? THe examples at http://www.madboa.com/geek/openssl/#key-rsa use -aes256 (no that I understand it ;-) – Mawg says reinstate Monica Nov 30 '10 at 01:42
3

@Mawg: OpenSSL doesn't like it if the `-out` param comes after the `2048` - really, that's supposed to be the last thing on the command line (I've updated my answer as such). See the last example, I think that's what you want. As for AES-128, [someone I trust in these matters](http://www.schneier.com/blog/archives/2009/07/another_new_aes.html) recommends it over AES-256. – caf Nov 30 '10 at 01:46
Thanks, I cobbled something together, see updated question for the answer – Mawg says reinstate Monica Nov 30 '10 at 02:58
Note, on Windows, gnuwin32's openssl.exe generates a corrupt key when using `-passout stdin`. It will fail to decrypt with the same passphrase. If you're hitting this, try a linux/osx machine for the 'genrsa' step and it should decrypt in all other environments. – Chris Betti Jul 09 '15 at 18:40

Stuart Cardall · Answer 2 · 2021-06-28T20:28:05.457

22

genrsa has been replaced by genpkey

The use of the genpkey program is encouraged over the algorithm specific utilities because additional algorithm options and ENGINE provided algorithms can be used.

genpkey allows you to generate the following key types:

RSA RSA-PSS EC X25519 X448 ED25519 ED448

When run manually in a terminal it will prompt for a password:

openssl genpkey -aes-256-cbc -algorithm RSA -out /etc/ssl/private/key.pem -pkeyopt rsa_keygen_bits:4096

However when run from a script the command will not ask for a password so to avoid the password being viewable as a process use a function in a shell script:

get_passwd() {
    local passwd=
    echo -ne "Enter passwd for private key: ? "; read -s passwd
    openssl genpkey -aes-256-cbc -pass pass:$passwd -algorithm RSA -out $PRIV_KEY -pkeyopt rsa_keygen_bits:$PRIV_KEYSIZE
}

edited Jun 28 '21 at 20:28

answered Aug 15 '18 at 11:59

Stuart Cardall

2,099
24
18

3

I couldn't find a statement that `genrsa` replaced by `genpkey` in provided link or any man pages of both sub-commands. Instead I understand that `genpkey` is a general form of generating keys whereas `genrsa` is responsible for `RSA` algorithm. – Fredrick Gauss Jun 27 '21 at 18:13
@FredrickGauss, indeed, it literally states: "...encouraged over the algorithm specific utilities because additional algorithm options and... algorithms can be used...", and that highlights the reason. – Artfaith Jun 24 '22 at 05:28
Oh, I see. You mean "recommended". – Fredrick Gauss Jun 24 '22 at 16:01

How to generate an openSSL key using a passphrase from the command line?

2 Answers2

Linked