Saturday, May 25, 2013

how do I use a passphrase file with openssl pkeyutl -decrypt?

This is a question about pkeyutl, but I don't have enough reputation to make a new tag for it.
I want to encrypt and decrypt small files (specifically: passwords for AES256) using openssl's pkeyutl with RSA keys (PEM format), with the private keys encrypted and the passphrase being given via a file. I have been able to do so just fine if my private key is unencrypted, or if I use rsautl instead of pkeyutl. I can't find anything online about how to use a passphrase from a file, and none of the things I've tried have worked. The online documentation (http://www.openssl.org/docs/apps/pkeyutl.html) says to use "-passin arg", and arg should be file:passphrasefile in my case.
This is what I've tried:

$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010
$ openssl pkeyutl -decrypt -in ciphertext.bin -inkey privpphr.pem -passin file:pphr.test -out received.txt
$ cat pphr.test | openssl pkeyutl -decrypt -in ciphertext.bin -inkey privpphr.pem -passin stdin -out received.txt
Note that the private key privpphr.pem is one I just created and encrypted using the passphrase in the file named "pphr.test" -- I gave that filename as an argument during key generation, like this:
$ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 -out privpphr.pem -des3 -pass file:pphr.test
I also tried '-pass' instead of '-passin', despite the documentation clearly saying '-passin'.
In each case, I get prompted to enter the passphrase manually when trying to decrypt. If I type it in manually, the decryption works. So the issue seems to be about not accepting it from the file.
Is there a way to use a passphrase from a file? How? Thanks.
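The round trip the question describes (passphrase-protected RSA private key, passphrase read from a file, a small secret encrypted and then decrypted with pkeyutl), as an added shell example that is not part of the original post. It assumes OpenSSL 1.1.1 or later, where pkeyutl honours -passin, and it deliberately uses OAEP padding and the default public exponent instead of the question's PKCS#1 v1.5 default and exponent 3; the passphrase and secret are constructed sample values.

```shell
#!/bin/sh
# Non-interactive RSA round trip with the passphrase supplied from a file.
# Assumes OpenSSL >= 1.1.1 (pkeyutl honours -passin); all values are constructed.
set -eu

rsa_roundtrip() {
    work=$(mktemp -d)
    umask 077   # key, passphrase file and plaintext are created owner-readable only

    printf 'correct horse battery staple\n' > "$work/pphr.txt"   # constructed passphrase
    printf 'my-aes256-secret\n' > "$work/secret.txt"             # constructed secret

    # file: keeps the passphrase out of argv (pass:... would show up in `ps`).
    # The private key is wrapped with AES-256 rather than the question's des3.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "file:$work/pphr.txt" -out "$work/priv.pem" 2>/dev/null &&
    # The sender only needs the public half, which carries no passphrase.
    openssl pkey -in "$work/priv.pem" -passin "file:$work/pphr.txt" \
        -pubout -out "$work/pub.pem" &&
    # OAEP: the PKCS#1 v1.5 default padding is exposed to padding-oracle attacks.
    openssl pkeyutl -encrypt -pubin -inkey "$work/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$work/secret.txt" -out "$work/secret.bin" &&
    # Decrypt without a prompt: -passin file: reads the first line of the file.
    openssl pkeyutl -decrypt -inkey "$work/priv.pem" -passin "file:$work/pphr.txt" \
        -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
        -in "$work/secret.bin" -out "$work/received.txt" ||
    { rm -rf "$work"; echo "openssl-failed"; return 1; }

    if [ "$(cat "$work/secret.txt")" = "$(cat "$work/received.txt")" ]; then
        result=ok
    else
        result=mismatch
    fi
    rm -rf "$work"
    echo "$result"
}
```

Running `rsa_roundtrip` prints `ok` when the decrypted file matches the original; a prompt appearing instead means the OpenSSL build in use is not taking the passphrase from the file.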