Of course you can add/remove a passphrase at a later time.
- add one (assuming it was an
rsa
key, else usedsa
)openssl rsa -aes256 -in your.key -out your.encrypted.key mv your.encrypted.key your.key
the
-aes256
tellsopenssl
to encrypt the key with AES256.As ArianFaurtosh has correctly pointed out: For the encryption algorithm you can use
aes128
,aes192
,aes256
,camellia128
,camellia192
,camellia256
,des
(which you definitely should avoid),des3
oridea
- remove it
openssl rsa -in your.key -out your.open.key
you will be asked for your passphrase one last time
by omitting the-aes256
you tellopenssl
to not encrypt the output.mv your.open.key your.key