Of course you can add/remove a passphrase at a later time.
- add one (assuming it was an
rsakey, else use
openssl rsa -aes256 -in your.key -out your.encrypted.key mv your.encrypted.key your.key
opensslto encrypt the key with AES256.
As ArianFaurtosh has correctly pointed out: For the encryption algorithm you can use
des(which you definitely should avoid),
- remove it
openssl rsa -in your.key -out your.open.key
you will be asked for your passphrase one last time
by omitting the
opensslto not encrypt the output.
mv your.open.key your.key