
Can I generate a private key with pyOpenSSL with a passphrase


I am using pyOpenSSL to generate CSRs en masse.

I need to generate a private key file that is passphrase protected.

Code snippet:

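from OpenSSL import crypto

key = crypto.PKey()
key.generate_key(type, bits)  # e.g. crypto.TYPE_RSA, 2048
# dump_privatekey returns bytes, so the file is opened in binary mode
with open(_keyfile, "wb") as f:
    f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))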

I can't find anywhere in the docs that confirms whether or not I can generate a key with a passphrase.

If I was using openssl on the command line I would do the following:

${OPENSSLCMD} req -new -newkey rsa:"${KEYSIZE}" -passout pass:"${DBPASS}" -out "${DBFILE}" -keyout "${DBKEYFILE}" -subj "${CERTDN}" -config "${OPENSSLCONFIG}"

Is there a way to use pyOpenSSL to add a passphrase to a key?


Solution

  • You're not far from the answer. To export the key you wrote:

    f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key))
    

    As the OpenSSL.crypto.dump_privatekey function accepts an optional argument passphrase, you could just do this:

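    # A cipher must be named too: without one the passphrase is ignored and the
    # key is written unencrypted. The passphrase must be a byte string.
    f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, key, cipher='aes-256-cbc', passphrase=b'your_passphrase_here'))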
    

    EDITED:

    I can't find anywhere in the docs that confirms whether or not I can generate a key with a passphrase.

    Just to clarify: a passphrase is not involved when generating a key; however, it is when exporting the key. Also, whenever you load the key using OpenSSL.crypto.load_privatekey, the same passphrase is required.
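
An added example, not part of the original answer or of pyOpenSSL's own code, that checks the export step described above: it shows that a PEM written with a passphrase but no cipher is still cleartext, and that an encrypted PEM loads only with the same passphrase. The helper names, the sample passphrase and the choice of `aes-256-cbc` are assumptions made for this illustration.

```python
from OpenSSL import crypto

PASSPHRASE = b"constructed-example-passphrase"  # constructed sample value


def make_key(bits=2048):
    """Generate an RSA key pair; no passphrase is involved at this stage."""
    key = crypto.PKey()
    key.generate_key(crypto.TYPE_RSA, bits)
    return key


def export_pem(key, passphrase, cipher=None):
    """Serialize the key to PEM; it is encrypted only when a cipher is named."""
    if cipher is None:
        # The passphrase is accepted but unused: the PEM comes out in cleartext.
        return crypto.dump_privatekey(crypto.FILETYPE_PEM, key, passphrase=passphrase)
    return crypto.dump_privatekey(crypto.FILETYPE_PEM, key, cipher, passphrase)


def is_encrypted(pem):
    """Check the PEM header lines for either OpenSSL encryption marker."""
    return any(b"ENCRYPTED" in line for line in pem.splitlines()[:2])


def can_load(pem, passphrase):
    """Return True if the PEM decrypts and parses with this passphrase."""
    try:
        crypto.load_privatekey(crypto.FILETYPE_PEM, pem, passphrase)
        return True
    except crypto.Error:
        return False


if __name__ == "__main__":
    key = make_key()
    clear = export_pem(key, PASSPHRASE)
    locked = export_pem(key, PASSPHRASE, cipher="aes-256-cbc")
    print("no cipher   -> encrypted:", is_encrypted(clear))
    print("aes-256-cbc -> encrypted:", is_encrypted(locked))
    print("loads with right passphrase:", can_load(locked, PASSPHRASE))
    print("loads with wrong passphrase:", can_load(locked, b"not-the-passphrase"))
```

Running a check like `is_encrypted` on each key file before it is stored catches keys that were exported without a cipher.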