OpenSSL 中 PEM 格式的默认密码是什么? [英] what is default cipher for PEM format in OpenSSL?

问题描述

我使用 openssl 生成密钥/证书

I generate key/cert using openssl

openssl.exe req -x509 -days 1000 -newkey rsa:1024 -keyout key.pem -out cert.pem

它会提示输入密码.我猜密码用于密钥加密.但是我没有指定任何密码.在这种情况下使用什么密码?

It prompts for a password. I guess that the password is used for key encryption. However I haven't specified any cipher. What cipher is used in this case?

推荐答案

默认密码为 DES-EDE3-CBC，即 CBC 模式下的三键三重 DES EDE.您可以在源代码文件 req.c 中看到这一点.

The default cipher is DES-EDE3-CBC, which is three-key triple DES EDE in CBC mode. You can see this in the source code file req.c.

cipher=EVP_des_ede3_cbc();

如果您使用的是使用选项 OPENSSL_NO_DES 编译的 OpenSSL 版本，则默认情况下该库不会加密密钥.这与您通过 -nodes 参数.

If you are using an OpenSSL version compiled with the option OPENSSL_NO_DES, then the library will not encrypt the key by default. This is the same behavior as if you pass the -nodes argument.

解决这个问题的更简单方法就是查看您的密钥文件.它在 PEM 标头中宣布密码.

An easier way to figure this out is just to look at your key file. It announces the cipher in the PEM header.

$ cat key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CAFD88DF2EF2EE81
...

这篇关于OpenSSL 中 PEM 格式的默认密码是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！