1

I am trying to remove the password from a private key file using openssl with Node.js.

The node js code is:

cmd = exec('/usr/bin/openssl', [
    'rsa',
    '-in',
    `${process.cwd()}/privkey.pem`, '-out', `/home/pratik/newPrivateKey.pem`
]);
cmd.stdin.write("password", 'utf8');

I referred to this SO question. But in my case, on the console I just see true as output. No file is created. What am I missing?

zero298
Pratik Gaikwad

1 Answer

1

You need to use child_process.spawn, and then forward its stdin and stdout through your Node script using { stdio: "inherit" }.

const child_process = require('child_process');
const openssl = child_process.spawn('openssl', [
  'rsa',
  '-in',
  "/Users/my_user/.ssh/my_key", '-out', "/Users/my_user/.ssh/unlocked_key"
], { stdio: "inherit" });

Or, for a non-interactive version, where you don't want it to prompt for the password:

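const child_process = require('child_process');
const password = "somepassword";
// execFile (unlike exec) takes an argument array and runs openssl without a shell
const openssl = child_process.execFile('openssl', [
  'rsa',
  '-in', "/Users/my_user/.ssh/my_key",
  '-out', "/Users/my_user/.ssh/output_key",
  '-passin', `pass:${password}` // supplies the passphrase so openssl does not prompt
]);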
ouni
  • Can you give me a working example of my code? Because when I modified code as ```cmd = spawn('/usr/bin/openssl', ['rsa', '-in', `${process.cwd()}/privkey.pem`, '-out', `/home/pratik/newPrivateKey.pem`]); cmd.stdout.on('data', (data) => { cmd.stdin.write("password".toString(), 'utf8'); cmd.stdin.end(); });``` parent node process freezes. Any suggestions? – Pratik Gaikwad Jun 06 '18 at 20:55
  • Here is something to get you started: see https://stackoverflow.com/questions/27458502/how-to-run-interactive-shell-command-inside-node-js It involves setting up a buffer variable, listening to "data" and possibly "end" events, and also forwarding STDIN between Node and the openssl command. – ouni Jun 06 '18 at 21:07
  • I tried that too. First, `-i` is not an option with `openssl`, so interactive cannot be interpreted. Second, I am getting `cmd.stdout` as null. Any thoughts? – Pratik Gaikwad Jun 06 '18 at 21:40
  • 1
    I was able to get this working in macOS by using `{ stdio: "inherit" }` which forwards stdin/stdout without doing the usual stream API song and dance; edited my answer to include the code, which hopefully will shed some light on your solution. – ouni Jun 06 '18 at 22:06
  • Was your `my_key` password protected? If the private key isn't password protected, then it works fine. With password protected, you need to use `stdin`. If it worked for you with password protected private key, can you please provide the entire code? – Pratik Gaikwad Jun 06 '18 at 22:14
  • Yes, it was password-protected; yes, that is the entire code. I just tested the output key, and that also worked. Try to test with just the script I provided, and build up from there, into your actual application. – ouni Jun 06 '18 at 22:21
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/172633/discussion-between-pratik-gaikwad-and-ouni). – Pratik Gaikwad Jun 06 '18 at 22:22
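
An added example, not code from the question or the answer: the non-interactive variant above with the passphrase sent over the child's stdin using OpenSSL's `-passin stdin` source, because a `pass:` argument is visible to other local users in the process list. It assumes `openssl` is on the PATH; `removePassphrase`, `makeEncryptedTestKey` and `isUnlockedKeyFor` are hypothetical helper names, and the key is a constructed throwaway.

```javascript
const { spawnSync } = require('child_process');
const crypto = require('crypto');
const fs = require('fs');
const path = require('path');

// Hypothetical helper (not from the thread): write an unencrypted copy of the
// RSA key at inPath to outPath. The passphrase travels over the child's stdin
// ("-passin stdin"), so it never shows up in the process list as "pass:..." does.
function removePassphrase(inPath, outPath, passphrase) {
  // Create the output file owner-only before openssl writes key material to it.
  fs.writeFileSync(outPath, '', { mode: 0o600 });
  const res = spawnSync(
    'openssl',
    ['rsa', '-in', inPath, '-out', outPath, '-passin', 'stdin'],
    { input: passphrase + '\n', encoding: 'utf8' } // openssl reads one line
  );
  if (res.error || res.status !== 0) {
    fs.rmSync(outPath, { force: true }); // leave no partial or empty key behind
    throw res.error || new Error(`openssl exited ${res.status}: ${res.stderr}`);
  }
  return outPath;
}

// Constructed sample input: a throwaway passphrase-protected RSA key.
function makeEncryptedTestKey(dir, passphrase) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
  });
  const encPath = path.join(dir, 'privkey.pem');
  fs.writeFileSync(encPath, privateKey, { mode: 0o600 });
  return { encPath, publicKey };
}

// True if the PEM at keyPath loads with no passphrase and matches publicKeyPem.
function isUnlockedKeyFor(keyPath, publicKeyPem) {
  const key = crypto.createPrivateKey(fs.readFileSync(keyPath));
  const spki = (k) => crypto.createPublicKey(k).export({ type: 'spki', format: 'der' });
  return spki(key).equals(spki(publicKeyPem));
}
```

The unlocked file is as sensitive as the original key plus its passphrase, so keep it owner-only and delete it as soon as it is no longer needed.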