[strongSwan] Password protection on private key using PKI tool
andreas.steffen at strongswan.org
Sat Mar 28 08:59:21 CET 2020
no the strongSwan pki tool does not support password protection of
private keys. But after generating a key with e.g.
pki --gen --type rsa --size 3072 --outform pem > key.pem
you can protect it with a password using openssl:
openssl rsa -in key.pem -aes256 -out key.pem
Enter pass phrase for key.pem:
The pki tool can load encrypted keys, though, e.g.
pki --self --type rsa --in key.pem --dn "C=CH, O=Test, CN=Joe" \
--outform pem > cert.pem
Private key passphrase:
Hope this helps!
On 14.03.20 20:17, driesm.michiels at gmail.com wrote:
> Hi Strongswan Mail list,
> This is a quick question regarding certificates/keys created with the
> PKI tool.
> Does the PKI tool currently support password protection of private keys?
> This would mean that regardless of the key install on a client one still
> needs the password to use them.
Andreas Steffen andreas.steffen at strongswan.org
strongSwan - the Open Source VPN Solution! www.strongswan.org
Institute for Networked Solutions
HSR University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)
More information about the Users