
The rsa Utility

Purpose of the rsa utility

The rsa command is a useful utility for examining and modifying RSA private key files. Generally, RSA keys are stored encrypted with a symmetric algorithm using a user-supplied pass phrase. The OpenSSL req command prompts the user for a pass phrase to encrypt the private key. By default, req uses the triple DES algorithm. The rsa command can be used to change the pass phrase that protects the private key and also to convert the format of the private key. Any rsa command that involves reading an encrypted RSA private key will prompt for the PEM pass phrase used to encrypt it.

Options

The options supported by the openssl rsa utility are as follows:

-inform arg

input format - one of DER NET PEM

-outform arg

output format - one of DER NET PEM

-in arg

input file

-out arg

output file

-des

encrypt PEM output with cbc des

-des3

encrypt PEM output with ede cbc des using 168 bit key

-text

print the key in text

-noout

do not print key out

-modulus

print the RSA key modulus

Using the rsa Utility

Converting a private key to PEM format from DER format requires using the rsa utility as follows:

openssl rsa -inform DER -in MyKey.der -outform PEM -out MyKey.pem

Changing the pass phrase that is used to encrypt the private key requires using the rsa utility as follows:

openssl rsa -inform PEM -in MyKey.pem -outform PEM -out MyKey2.pem -des3

Removing encryption from the private key (which is not recommended) requires using the rsa utility as follows:

openssl rsa -inform PEM -in MyKey.pem -outform PEM -out MyKey2.pem

Note

Do not specify the same file for the -in and -out parameters, because this can corrupt the file.
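
The -des and -des3 options, and the absence of either, show up in the headers of the PEM file, so key files can be audited without knowing any pass phrase. The following script is an added example, not part of the original documentation; its function names and sample files are hypothetical, the sample bodies are constructed placeholders rather than real keys, and it goes slightly beyond the page by also recognizing PKCS#8 `ENCRYPTED PRIVATE KEY` files.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and sample
# files are hypothetical; sample bodies are constructed placeholders.

# Print the protection a PEM private key file declares in its headers.
pem_key_status() {
    awk '
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { pkcs8 = 1 }
        /^-----BEGIN (RSA )?PRIVATE KEY-----/    { key = 1 }
        key && /^Proc-Type: 4,ENCRYPTED/         { enc = 1 }
        key && /^DEK-Info: /                     { split($2, f, ","); cipher = f[1] }
        END {
            if (pkcs8)                    print "encrypted:pkcs8"
            else if (!key)                print "not-a-private-key"
            else if (!enc)                print "unencrypted"
            else if (cipher == "DES-CBC") print "weak:DES-CBC"
            else                          print "encrypted:" cipher
        }' "$1"
}

# Return non-zero if any listed key is unencrypted or single-DES protected.
audit_keys() {
    rc=0
    for f in "$@"; do
        st=$(pem_key_status "$f")
        case $st in
            unencrypted|weak:*) rc=1; printf 'FAIL %-24s %s\n' "$st" "$f" ;;
            *)                  printf 'ok   %-24s %s\n' "$st" "$f" ;;
        esac
    done
    return $rc
}

# Write constructed sample files into directory $1.
make_samples() {
    b='-----BEGIN RSA PRIVATE KEY-----'; e='-----END RSA PRIVATE KEY-----'
    body='Q09OU1RSVUNURUQgU0FNUExF'
    printf '%s\n' "$b" 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0123456789ABCDEF' '' "$body" "$e" > "$1/des3.pem"
    printf '%s\n' "$b" 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-CBC,0123456789ABCDEF' '' "$body" "$e" > "$1/des.pem"
    printf '%s\n' "$b" "$body" "$e" > "$1/plain.pem"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_keys "$tmp"/*.pem || echo 'Re-encrypt the flagged keys with -des3.'
rm -rf "$tmp"
```

A key flagged here can be re-protected with the -des3 command shown above, writing to a different output file.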
