Cryptography Tutorials - Tutorial Addendum - OpenSSL - Breeding RSA Clandestine and Accessible Keys

(Continued from antecedent part...)

    

Encrypting RSA Keys

    

Since RSA keys contains a clandestine key, which should not be allotment with

    

anyone else. So it s acerb recommended to abundance the RSA keys in an

    

encrypted anatomy with a countersign to assure them.

    

Here is how to use OpenSSL to accomplish a RSA key brace and encrypt it

    

DES3 algorithm:

    

 

    
>openssl genrsa -des3 -out _rsa.key

    
Loading  awning  into accidental accompaniment - done

    
Generating RSA clandestine key, 2048 bit continued modulus

    
...............................................+++

    
................................................................+++

    
e is 65537 (0x10001)

    
Enter canyon byword for user.key: mykey

    
Verifying - Access canyon byword for user.key: mykey

    
>type _rsa.key

    
-----BEGIN RSA Clandestine KEY-----

    
Proc-Type: 4,ENCRYPTED

    
DEK-Info: DES-EDE3-CBC,61523E68F580569D

    
MC5FNOEYflddyBF2orcTtzHSUpzrevcxZpbUU827hdmgDEoZKg54VVd9xGnxnodm

    
hq1LSenM1AxWO5Bzzmxr3WCiz94xPxNSUd/1f9eonaVZT7CaVzn533lj3G26uvtO

    
OyNXyBcb/kUGHXeCeGU322lB1p8gShOC/P9ip/wQvlR2yaSQGc4xKwON7O4dAvtM

    
rfoV0YJNCiK/tbK/5YBykMTYBsIAqJRmKKyAILd38dd0/lDTmLDxn2SEmMmuGjTC

    
yYEXZfW1PJn+gELSD1xysQ58wVtBXvdbQWG0RJYukseLurZABSyz4Lvg8fUboBAJ

    
42DFO101aaCWR/uuZefNPbPzBWrdh2w+ptqxWTKTOTYoqgrW15VdRE/4YH1N8R8a

    
wbzOS1oDbiRWH2WXcJ+E1dxh4UEoGuNkCV8W3nmVTvE=

    
-----END RSA Clandestine KEY-----

    

Perfect. This added constant "-des3" triggers the "genrsa" command to accomplish a key brace

    

and encrypt it anon with DES-EDE3-CBC algorithm.

    

The aloft command is acceptable for encrypting the key brace at the time of generation.

    

How about encrypt a key brace ahead generated? This could be done by the "rsa"

    

command:

    

 

    
>openssl genrsa -out _rsa.key

    
Loading  awning  into accidental accompaniment - done

    
Generating RSA clandestine key, 512 bit continued modulus

    
....++++++++++++

    
.++++++++++++

    
e is 65537 (0x10001)

    
>type _rsa.key

    
-----BEGIN RSA Clandestine KEY-----

    
MIIBOwIBAAJBAKnmGcbuiAGG2XKek5LbVwF7AoT8HuNXXip7KyWevbrFlSxJWSjf

    
pmeGJo7/Nsw6hFwor28RyAy1wsW5BNYOXdECAwEAAQJAQsEsI6OZQLBRQ93Wsf8I

    
goZoiQPexwiO8TYPz+o9NeLELOzhYHiKuzOO5c2oVYXTSgM9IMCCo35fkzOlTdyj

    
oQIhANe/bnRWtO+7gSbcqmINtFW12pbkgzQ+SlQxp7HSNL3FAiEAyZjTrFGKlG9k

    
Ub4EcNFkWjIzOM/vHifYdmB/ZO9ZzJ0CIHEnEYMqxpLFQKNlMGdk0KPzUMW666VG

    
1iz6Lf1xRgARAiEAplhZiR27iKGlmKF/TowpDxfPFjjVaP+d6IfVdrbdVS0CIQCY

    
OHLGbU3QZn2VjSUH/BF4kP7cEPDngxbYiZ2+f2D77Q==

    
-----END RSA Clandestine KEY-----

    
>openssl rsa -in _rsa.key -des -out _rsa_des.key

    
writing RSA key

    
Enter PEM canyon phrase:

    
Verifying - Access PEM canyon phrase:

    
>type _rsa_des.key

    
-----BEGIN RSA Clandestine KEY-----

    
Proc-Type: 4,ENCRYPTED

    
DEK-Info: DES-CBC,C386818044590B20

    
10JtM182aDIEMcGLGHXC51woLVdcsYWAAp0tCI1NKJRy/ZBKQLs7gzgGD9ZFBA3D

    
eZ0W7CVT226yDNSAq/3G+st1cR3kfFmxO3cfT8DHKV4zJVLSRrKfklURp0SdfaB6

    
LLpbdz9OSwxYphVTBTQAaeLYBipZhyV5BJZeQH40b5S3SclHid5Bn3SaxmFIgRCp

    
X07GQkiVU+KLhW4Q2v7uV7qU/dlym7WAsxlw4vEw9EhLw2RTPGEC0IaTzPtgWnsE

    
wQcvS0gDg5C8sP/rpHdQcZFCqpt4+n9M/p1Ciz1d0DNYRefvZnmf9w/z02oT3KY+

    
nJxrL6kh2kYVUOQKSwlA4Swtt4lPy6gimg+1xG96+BnrG803FYQ23rlusCThg+yw

    
lHpltupnF9YW38dParIlLsxMxFRhRc8qNZSAwnBHP78=

    
-----END RSA Clandestine KEY-----

    

Conclusion

    

We accept abstruse two commands here: genrsa and rsa. They can be acclimated generate, appearance and encrypt RSA key pairs.