我使用 openssl 生成密钥/证书
I generate key/cert using openssl
openssl.exe req -x509 -days 1000 -newkey rsa:1024 -keyout key.pem -out cert.pem它会提示输入密码.我猜密码用于密钥加密.但是我没有指定任何密码.在这种情况下使用什么密码?
It prompts for a password. I guess that the password is used for key encryption. However I haven't specified any cipher. What cipher is used in this case?
推荐答案默认密码为 DES-EDE3-CBC,即 CBC 模式下的三键三重 DES EDE.您可以在源代码文件 req.c 中看到这一点.
The default cipher is DES-EDE3-CBC, which is three-key triple DES EDE in CBC mode. You can see this in the source code file req.c.
cipher=EVP_des_ede3_cbc();如果您使用的是使用选项 OPENSSL_NO_DES 编译的 OpenSSL 版本,则默认情况下该库不会加密密钥.这与您通过 -nodes 参数.
If you are using an OpenSSL version compiled with the option OPENSSL_NO_DES, then the library will not encrypt the key by default. This is the same behavior as if you pass the -nodes argument.
解决这个问题的更简单方法就是查看您的密钥文件.它在 PEM 标头中宣布密码.
An easier way to figure this out is just to look at your key file. It announces the cipher in the PEM header.
$ cat key.pem -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,CAFD88DF2EF2EE81 ...更多推荐
OpenSSL 中 PEM 格式的默认密码是什么?
发布评论