Openssl RSA Private Key Encrypt
Encrypt RSA Private Key
openssl rsa -aes256 -in your.key -out your.encrypted.key
The -aes256
tells openssl
to encrypt the key with AES256-CBC.
to decrypt a rsa encrypted key, drop the -aes256
flag:
openssl rsa -in your.encrupted.key -out your.decrypted.key
Encrypt RSA Private Key with PKCS8
openssl pkcs8
- it uses a key derivation function and supports RSA, ECC and Edwards keys:
openssl pkcs8 -topk8 -in your.key -out your.encrypted.key
For even better security use the scrypt
KDF:
openssl pkcs8 -topk8 -scrypt -in your.key -out your.encrypted.key
to decrypt a pkcs8 encrypted key, drop the -topk8
flag:
openssl pkcs8 -in your.encrypted.key -out your.decrypted.key
Last updated