5

It is not clear to me what the second command does

openssl genrsa -des3 -passout pass:123 -out private/server.key 2048
openssl rsa -passin pass:123 -in private/server.key -out private/server.key

The first one generates an RSA key encrypted using des3 with pass 123. What about the second one? Does it remove the password?

Thank you,

1 Answer

4

> The first one generates an RSA key encrypted using des3 with pass 123. What about the second one? Does it remove the password?

Yes, that is what is happening. The normal form for removing a passphrase from an encrypted private key is:

rsa -in some.key -out some.key

This prompts the user for the passphrase at the command line.

The use of -passin stems from the fact that (as noted) the key was encrypted in the first step and whoever wrote the command wanted the passphrase supplied automatically (with no prompting).

Specifically, -passin indicates "the input file password source", which can be a password, a file or other arguments.

Anaksunaman
  • 18,227
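
An added example (not part of the original answer): the same passphrase removal using the `file:` and `env:` forms of `-passin`, which keep the passphrase out of the command line that `pass:` would expose in process listings and shell history. It then checks that the output key is unencrypted and has the same modulus as the original. The file names, the `DEMO_KEY_PASS` variable and the passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example; file names, DEMO_KEY_PASS and the passphrase are constructed.

# True if the PEM key is passphrase-protected (PKCS#8 or traditional header).
is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# Print the RSA modulus. $1 = key file, $2 = optional -passin source.
key_modulus() {
    openssl rsa -in "$1" ${2:+-passin "$2"} -noout -modulus 2>/dev/null
}

# Write an unencrypted copy. $1 = input key, $2 = output key, $3 = -passin source.
# umask 077 keeps the plaintext key readable by its owner only.
strip_passphrase() {
    ( umask 077 && openssl rsa -in "$1" -passin "$3" -out "$2" 2>/dev/null )
}

# Generate an encrypted key, strip it via file: and env:, compare the results.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 077 && printf '%s\n' 'constructed-demo-passphrase' > "$d/pass.txt" )
    openssl genrsa -des3 -passout "file:$d/pass.txt" -out "$d/enc.key" 2048 \
        2>/dev/null || return 1

    # file: uses the first line of the named file as the passphrase.
    strip_passphrase "$d/enc.key" "$d/plain_file.key" "file:$d/pass.txt" || return 1
    # env: reads the passphrase from the named environment variable.
    ( DEMO_KEY_PASS=$(cat "$d/pass.txt"); export DEMO_KEY_PASS
      strip_passphrase "$d/enc.key" "$d/plain_env.key" "env:DEMO_KEY_PASS" ) || return 1

    want=$(key_modulus "$d/enc.key" "file:$d/pass.txt")
    status=0
    is_encrypted "$d/enc.key" || status=1          # input must be encrypted
    for k in "$d/plain_file.key" "$d/plain_env.key"; do
        if is_encrypted "$k"; then status=1; fi    # output must not be
        # Same modulus means the key material itself is unchanged.
        [ -n "$want" ] && [ "$(key_modulus "$k")" = "$want" ] || status=1
    done
    rm -rf "$d"
    return $status
}

demo && echo "passphrase removed; key material unchanged"
```

Unlike the commands in the question, this writes the unencrypted key to a separate file, so the encrypted original is kept.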