Objective: Remove passphrase from a SSL private key.
To determine if your private key is encrypted with a passphrase, you will need to check its contents. If you check the header and if you see “Proc-Type” and “DEK-Info”, it usually means that the file is encrypted.
1 2 3 |
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,8179ABC3C8C29492 |
The passphrase is a key used to encrypt the file that contains the RSA private key, using a symmetric cipher. In order to use the private key, you will first need to decrypt it using a passphrase.
If someone gets hold of the encrypted private key, they wouldn’t be able to use it unless they also knew the passphrase used to encrypt the file.
To remove the passphrase from a SSL private key, we can use the openssl
command. So, if the name of the private key file is key-with-passphrase.key, then we can remove the passphrase using the following syntax.
1 |
$ openssl rsa -in key-with-passphrase.key -out key-without-passphrase.key |
The file, key-without-passphrase.key, is the output private key file but without the passphrase.