Hello, > > I did this command: > > openssl req -newkey rsa:1024 -keyout testkey.pem -keyform PEM -out > testreq.pem > > to create a pair of private key (testkey.pem) and a request > certificate (testreq.pem). > > I read in book "Network Security with Openssl", it said that the > gerenated rsa private key will be unencrypted by default. But with > above command my testkey is encrypted with DES: > > -----BEGIN RSA PRIVATE KEY----- > Proc-Type: 4,ENCRYPTED > DEK-Info: DES-EDE3-CBC,D281965217BDE6FC > > JgoCOeNB6b1pLxdSM58A895HJfwuCNr0GEs6MC9qZil4Otxi8IHFC2lh1UUik6f2 > NWPE7+PD+hBKE/lxwr3U1rmHl7xx4GNJDF2ZoLxlbNFVfLSJj5zckDJQWQDkqxUD > Wd4IpUl5npxoBU5lhmCF3m4exgcZ/WXqTGB+fzB4MXGep1cg32UTX9A4Qz4a1JJ+ > yc44XAw47Vu6gpZF/88WFlkEnABdNvEAucA1s9YQNqLAETK3gwXait1TA7TzUJlo > 4zc4Cwl2Lx8b0Nn6OC/6m58vwVYVzEQbWSkWKHRVon/a7O9dyyivQnKbOtQH2WoP > hfolz/QiXrWQfWkWJ+oNFKtraMdLxjLhsOaqOG8mc1m/a3wBeI5tfCDDwGuPXnZg > K7GAPbET9R4mMKX68jWjSy7aT9M5Mp51WfMDePje/pfzJgI3Afem+eq3zrbIa0Ic > CUaJm8q9X/HoEPJtFOlpM772rBwzOJBRVGi3qro8FzRmTvyE4TKgvg+FnWo3Lw80 > t1v39AFR1eFyz9MNAxlHOV/G751ZtO1ixd7wbNDcQNEXO5OkKhYtJgMVArLJQxfr > MgVCmSB0w0cVSenMR4JzRWunQs1n8OLLZdRRvILo/XIdH0utbQjRMlpfmz71n0J/ > 7306SZZwUIj/zqjJzJuyXYN5GlWfJwe4YC9yD0ToLlOaiGX+4tOg0Fcqq3D53WB5 > CTo7DUYNkuJDYI+ILF4IbWTcpyxo23P5UcUsJwQdHdDsF8x91oe7M9f1ENKxQY9a > MFyeCLUkmmfCm0FwXXaa/ZquLotmDWgnJWxgF4tJlFknXdd3SNBa/A== > -----END RSA PRIVATE KEY----- > > Do anyone know with which option the command "openssl req -newkey rsa > ..." > generates rsa key without encryption? Add "-nodes" switch.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]