Add/remove passphrase to a private key

Posted on by phong

https://security.stackexchange.com/questions/59136/can-i-add-a-password-to-an-existing-private-key/59164

Of course you can add/remove a passphrase at a later time.

  • add one (assuming it was an rsa key, else use dsa) 
    openssl rsa -aes256 -in your.key -out your.encrypted.key
mv your.encrypted.key your.key

    the -aes256 tells openssl to encrypt the key with AES256.

    As ArianFaurtosh has correctly pointed out: For the encryption algorithm you can use aes128aes192aes256camellia128camellia192camellia256des (which you definitely should avoid), des3 or idea

  • remove it 
    openssl rsa -in your.key -out your.open.key

    you will be asked for your passphrase one last time
    by omitting the -aes256 you tell openssl to not encrypt the output.

    mv your.open.key your.key

Written by phong

View all author posts →

View Larger Map