Default cipher that OpenSSL used to encrypt a PEM file
Having generated couple of PEM files with OpenSSL for testing and writing tutorial purpose. Sometimes I wonder if OpenSSL has a default cipher selected just in case there is no cipher given as parameter.
For example, running this command below
openssl req -x509 -days 365 -newkey rsa:2048 -keyout key.pem -out cert.pem
will prompt me for password to be used for encrypting the key.pem files... but with which type of encryption cipher ?
One way to find out is to look into the generated key.pem file.
more key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,D00B327DC8F6FEF4
From the information, it seems that the default cipher is DES-EDE3-CBC and this is confirmed to be true after digging through the OpenSSL's source code at https://github.com/openssl/openssl/blob/master/apps/req.c
line 198 to 199 :
#ifndef OPENSSL_NO_DES
cipher=EVP_des_ede3_cbc();
Depending on what you are trying to achieve... you can change the encryption cipher by processing the key.pem file and produce a new file encrypted with different cipher.
For example :
openssl pkcs8 -in key.pem -topk8 -v2 aes-256-cbc -out aes256key.pem
will produce a AES-256 encrypted pem file. (See more examples at https://www.openssl.org/docs/apps/pkcs8.html)
See also : nginx: [emerg] unknown directive "ssl"
By Adam Ng
IF you gain some knowledge or the information here solved your programming problem. Please consider donating to the less fortunate or some charities that you like. Apart from donation, planting trees, volunteering or reducing your carbon footprint will be great too.
Advertisement
Tutorials
+12k Golang : convert(cast) string to integer value
+5.8k Golang : Launching your executable inside a console under Linux
+10.8k Golang : How to transmit update file to client by HTTP request example
+25.8k Golang : How to read integer value from standard input ?
+25.2k Golang : Get current file path of a file or executable
+6.9k Golang : Fibonacci number generator examples
+13k Golang : Convert(cast) uintptr to string example
+8.3k Useful methods to access blocked websites
+24.4k Golang : How to validate URL the right way
+26.5k Golang : Encrypt and decrypt data with AES crypto
+8.7k Golang : Random integer with rand.Seed() within a given range
+17.6k Convert JSON to CSV in Golang