ilium007

Reputation: 589

Can I generate a private key with pyOpenSSL with a passphrase

I am using pyOpenSSL to generate CSRs in mass.

I need to generate a private key file that is passphrase protected.

Code snippet:

from OpenSSL import crypto

key = crypto.PKey()
key.generate_key(type, bits)  # e.g. crypto.TYPE_RSA, 2048
f = open(_keyfile, "wb")  # dump_privatekey returns bytes
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
f.close()

I can't find anywhere in the docs that confirms whether or not I can generate a key with a passphrase.

If I was using openssl on the command line I would do the following:

${OPENSSLCMD} req -new -newkey rsa:"${KEYSIZE}" -passout pass:"${DBPASS}" -out "${DBFILE}" -keyout "${DBKEYFILE}" -subj "${CERTDN}" -config "${OPENSSLCONFIG}"

Is there a way to use pyOpenSSL to add a passphrase to a key?

Upvotes: 2

Views: 5858

Answers (1)

starrify

Reputation: 14731

You're not far from the answer. To export the key you wrote:

f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))

As the OpenSSL.crypto.dump_privatekey function accepts an optional argument passphrase, you could just do this:

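# A cipher must be named, otherwise the key is written unencrypted; the passphrase is a byte string
f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key, cipher='aes-256-cbc', passphrase=b'your_passphrase_here'))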

EDITED:

I can't find anywhere in the docs that confirms whether or not I can generate a key with a passphrase.

Just to clarify: a passphrase is not involved when generating a key; however, it is when exporting the key. Also, whenever you load the key using OpenSSL.crypto.load_privatekey, the same passphrase is required.

Upvotes: 1
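
A round-trip check of the export discussed in the answer above, added here as an example (not code from the question or the answer). It assumes pyOpenSSL is installed, uses a constructed passphrase and an assumed `aes-256-cbc` cipher, and also shows that `dump_privatekey` called with a passphrase but no `cipher` writes the key unencrypted.

```python
from OpenSSL import crypto

# Constructed sample values, not taken from the page.
PASSPHRASE = b"correct horse battery staple"
CIPHER = "aes-256-cbc"  # assumed choice; any cipher name OpenSSL knows works


def export_key(key, passphrase, cipher=CIPHER):
    """Return the key as passphrase-protected PEM bytes."""
    # Both cipher and passphrase must be given for encryption to happen.
    return crypto.dump_privatekey(crypto.FILETYPE_PEM, key, cipher, passphrase)


def is_encrypted(pem):
    """True when the PEM header lines mark the key as encrypted."""
    # Look only at the header lines, not at the base64 body.
    return b"ENCRYPTED" in b"".join(pem.splitlines()[:2])


def can_load(pem, passphrase):
    """Try to load the key; a wrong passphrase raises crypto.Error."""
    try:
        crypto.load_privatekey(crypto.FILETYPE_PEM, pem, passphrase=passphrase)
        return True
    except crypto.Error:
        return False


def demo():
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, 2048)
    protected = export_key(key, PASSPHRASE)
    # Passphrase without a cipher: the call succeeds but nothing is encrypted.
    no_cipher = crypto.dump_privatekey(
        crypto.FILETYPE_PEM, key, passphrase=PASSPHRASE
    )
    return {
        "protected_is_encrypted": is_encrypted(protected),
        "no_cipher_is_encrypted": is_encrypted(no_cipher),
        "loads_with_passphrase": can_load(protected, PASSPHRASE),
        "loads_with_wrong_passphrase": can_load(protected, b"wrong passphrase"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Checking the PEM header after export is a cheap guard when keys are generated in bulk, since an unencrypted key file is otherwise indistinguishable from a protected one until someone opens it.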
