encryption openssl environment-variables x509 pfx

Verifying the password of generated x509 certificate

I have created a x509 certificate. There is a set of openssl commands I used to create it, for example the first command it:

openssl genrsa -passout pass:"$MYPWD" -out privkey.key 2048

where "$MYPWD" is an environment variable where I set the password. After executing this command, how would I check that the password is actually the value of MYPWD environment variable, and not just literally "$MYPWD"?

Thank you everyone in advance!

Solution

You must specify a cypher to encrypt the output.

openssl genrsa -aes256 -passout env:MYPWD -out privkey.key 2048

To verify that the password was actually set, simply read back the key:

openssl pkey -in privkey.key

You will see the password prompt.

You can also inspect the content of the privkey.key, "ENCRYPTED"... will be there.

cat privkey.key

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,3A2E02985A117F7266F9664420F685B2

...

Decrypting JavaScript Web Crypto API (RSA-OAEP) in Java
Include nonce and block count in PyCrypto AES MODE_CTR
How to do PGP in Python (generate keys, encrypt/decrypt)
How to encrypt decrypt with Node.js crypto module?
AES 256 Encryption/Decryption without IV
Python 3 Fernet Decryption Succeeds with Slightly Modified Encryption Key
AES/GCM/NoPadding encryption in Swift iOS (min deployment 12.1) doesn't produce expected ciphertext length
Full text search on encrypted data
ECDH Curve 25519 Key Generation c implementation in Libgcrypt
Is it okay to encrypt a 3rd party access token and refresh token, in an encrypted JWT?
How does Maven 3 password encryption work?
Do we need encrypt session id before saving it into database
PGP BouncyCastle + Kleopatra Decryption: Unknown Packet Type: 20
Decrypting a p7m file using CNG
The output gives the same result
pyAesCrypt crypt dictionary, save cipher text to file then read file and decrypt
nodejs recover createCipher data with createCipheriv
Vigenere Cipher Decryption Issues
SQL outer join vs Neo4J Cypher
(dart) replaceAll method in a string in a loop (cypher)
how to convert output of a cipher text to numeric digits?
Cannot access closed stream wih CrypoStream
IntelliJ changes cipher spec after I set it in the properties
Replicating hkdf2 key derivation in C
String Encryption with JASYPT + Hibernate + Spring
Strings of unsigned chars
Encrypting/decrypting some file types with Rijndael 256 (CakePHP Security library) garbles contents
openssl_pkey_get_details($res) returns no public exponent
Bókun signature generation; what am I missing?
(PY) Error Message : cannot import name 'pkcs1_15'