Openssl RSA Private Key Encrypt
Encrypt RSA Private Key
openssl rsa -aes256 -in your.key -out your.encrypted.keyThe -aes256 tells openssl to encrypt the key with AES256-CBC.
to decrypt a rsa encrypted key, drop the -aes256 flag:
openssl rsa -in your.encrupted.key -out your.decrypted.keyEncrypt RSA Private Key with PKCS8
openssl pkcs8 - it uses a key derivation function and supports RSA, ECC and Edwards keys:
openssl pkcs8 -topk8 -in your.key -out your.encrypted.keyFor even better security use the scrypt KDF:
openssl pkcs8 -topk8 -scrypt -in your.key -out your.encrypted.keyto decrypt a pkcs8 encrypted key, drop the -topk8 flag:
openssl pkcs8 -in your.encrypted.key -out your.decrypted.keyLast updated