LibraryLink ToToggle FramesPrintFeedback

The rsa Utility

The rsa command is a useful utility for examining and modifying RSA private key files. Generally RSA keys are stored encrypted with a symmetric algorithm using a user-supplied pass phrase. The OpenSSL req command prompts the user for a pass phrase in order to encrypt the private key. By default, req uses the triple DES algorithm. The rsa command can be used to change the password that protects the private key and to convert the format of the private key. Any rsa command that involves reading an encrypted rsa private key will prompt for the PEM pass phrase used to encrypt it.

The options supported by the openssl rsa utility are as follows:

-inform arg

input format - one of DER NET PEM

-outform arg

output format - one of DER NET PEM

-in arg

inout file

-out arg

output file

-des

encrypt PEM output with cbc des

-des3

encrypt PEM output with ede cbc des using 168 bit key

-text

print the key in text

-noout

do not print key out

-modulus

print the RSA key modulus

Converting a private key to PEM format from DER format involves using the rsa utility as follows:

openssl rsa -inform DER -in MyKey.der -outform PEM -out MyKey.pem

Changing the pass phrase which is used to encrypt the private key involves using the rsa utility as follows:

openssl rsa -inform PEM -in MyKey.pem -outform PEM -out MyKey.pem -des3

Removing encryption from the private key (which is not recommended) involves using the rsa command utility as follows:

openssl rsa -inform PEM -in MyKey.pem -outform PEM -out MyKey2.pem 
[Note]Note

Do not specify the same file for the -in and -out parameters, because this can corrupt the file.