The rsa command is a useful utility for examining and modifying RSA private key files. Generally, RSA keys are stored encrypted with a symmetric algorithm using a user-supplied pass phrase. The OpenSSL req command prompts the user for a pass phrase to encrypt the private key. By default, req uses the triple DES algorithm. The rsa command can be used to change the pass phrase that protects the private key and also to convert the format of the private key. Any rsa command that reads an encrypted RSA private key prompts for the PEM pass phrase used to encrypt it.
The options supported by the openssl rsa utility are as follows:
Converting a private key to PEM format from DER format requires using the rsa utility as follows:
openssl rsa -inform DER -in MyKey.der -outform PEM -out MyKey.pem
Changing the pass phrase that is used to encrypt the private key requires using the rsa utility as follows:
openssl rsa -inform PEM -in MyKey.pem -outform PEM -out MyKey.pem -des3
Removing encryption from the private key (which is not recommended, because the key is then stored in the clear) requires using the rsa utility as follows:
openssl rsa -inform PEM -in MyKey.pem -outform PEM -out MyKey2.pem
Note: Do not specify the same file for the
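The pass phrase change shown above, scripted non-interactively as an added example (not part of the original page): it writes to a separate output file, checks that the re-encrypted key has the same modulus as the original, and only then moves it into place. The OLD_PASS and NEW_PASS environment variables, the function names and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). File names and the
# OLD_PASS / NEW_PASS environment variables are assumptions.

# modulus FILE VAR: print the RSA modulus of FILE, decrypting it with the
# pass phrase held in environment variable VAR. Prints nothing on failure.
modulus() {
    openssl rsa -in "$1" -passin "env:$2" -noout -modulus 2>/dev/null
}

# rekey SRC DST: re-encrypt SRC (pass phrase in $OLD_PASS) into DST under
# $NEW_PASS with triple DES, as the -des3 command above does.
rekey() {
    src=$1; dst=$2
    if [ "$src" = "$dst" ]; then
        echo "rekey: input and output must be different files" >&2
        return 2
    fi
    tmp=$(mktemp "$dst.XXXXXX") || return 1      # mktemp creates it mode 0600
    # env: keeps the pass phrases off the command line, where pass:... would
    # be visible in the process list.
    if openssl rsa -in "$src" -passin env:OLD_PASS \
                   -out "$tmp" -passout env:NEW_PASS -des3 2>/dev/null &&
       new=$(modulus "$tmp" NEW_PASS) && [ -n "$new" ] &&
       [ "$new" = "$(modulus "$src" OLD_PASS)" ]; then
        mv "$tmp" "$dst"                          # publish only a verified key
    else
        rm -f "$tmp"                              # never leave a partial key
        return 1
    fi
}

# Demonstration on a constructed throwaway key in a temporary directory.
demo() {
    dir=$(mktemp -d) || return 1
    OLD_PASS='constructed-old-phrase'; NEW_PASS='constructed-new-phrase'
    export OLD_PASS NEW_PASS
    openssl genrsa -des3 -passout env:OLD_PASS -out "$dir/MyKey.pem" 2048 2>/dev/null &&
    rekey "$dir/MyKey.pem" "$dir/MyKey-new.pem" &&
    echo "re-encrypted key verified: $dir/MyKey-new.pem"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo
```

The original key file is left untouched; delete it only after the new file has been confirmed to work with the new pass phrase.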