Private keys may be protected with a password, which is used in the encryption process. This tutorial demonstrates how to remove password from private key using OpenSSL.
Let's say we have the following encrypted private key:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIBvTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIyoaJQO+skIICAggA
MAwGCCqGSIb3DQIJBQAwHQYJYIZIAWUDBAEqBBCRw6Qxw1H0qY3HNMVbD6kxBIIB
YEAvSCl5lKJi58BhRUxDFkKR1IbDkWBz5Tw2QSQHs680B9FF6iCVBC4Qj1m7pqbJ
eVraK1kGLv7ELbNo7YdU72oY7W7bs9hJgXbGYxtUsCLKb4y/6jdsh9tq485dUcDK
NO8oo9fMgh4V7DaibzKqNMABDn6joPTFONA1/iXGZQsgbMh9LHSHwusEQE7SrKCH
AdQGY4opU6LdmBSXTuiV8nXgQnjeBR/xuA+mvOi+CoeR1BO6kzmgCVYUNACQmpzx
OMwiNjEG4PFjyrTgY3ZGjTS9ZK+ZC3ritWdh12GO2asDmRwbZRFvYfqmnYP4ZAX3
zaPyKBKxHbMCcK64R0xqvdY5Bd8t++8P8eDdGzNZk8/Vb14ZYk2+Egsb28+1WoXZ
qZfmisKFrXe9cOMb5Y16ZboPHX4pUedefawLqM0ToR8nOgPXTk2x3+W/x5k8hr/A
x+/dMGNaFBRWFPOROmqj9nQ=
-----END ENCRYPTED PRIVATE KEY-----The openssl pkcs8 command can be used to process private keys in PKCS#8 format. To remove password and decrypt private key, use the following command:
openssl pkcs8 -topk8 -nocrypt -in test.enc.key -out test.keyA part of the output:
-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEA3+i8CaGg06cTZWgl
...
KNkxLcXmqXjr
-----END PRIVATE KEY-----Command prompts a user to enter a password. The -passin option can be used to provide password directly in command line:
openssl pkcs8 -topk8 -passin "pass:testing123" -nocrypt -in test.enc.key -out test.keyThe meaning of options:
-topk8- reads a private key and writes a private key in PKCS#8 format.-passin "pass:testing123"- allows to provide a password to decrypt private key.-nocrypt- specifies that no need to encrypt private key.-in test.enc.key- specifies the filename to read a private key.-out test.key- specifies the filename to write a private key.
Leave a Comment
Cancel reply