typedef enum OPTION_choice {
OPT_COMMON,
+ OPT_CIPHER,
OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY,
const OPTIONS req_options[] = {
OPT_SECTION("General"),
{"help", OPT_HELP, '-', "Display this summary"},
+ {"cipher", OPT_CIPHER, 's', "Specify the cipher for private key encryption"},
#ifndef OPENSSL_NO_ENGINE
{"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
{"keygen_engine", OPT_KEYGEN_ENGINE, 's',
LHASH_OF(OPENSSL_STRING) *addexts = NULL;
X509 *new_x509 = NULL, *CAcert = NULL;
X509_REQ *req = NULL;
- EVP_CIPHER *cipher = NULL;
+ const EVP_CIPHER *cipher = NULL;
int ext_copy = EXT_COPY_UNSET;
BIO *addext_bio = NULL;
char *extsect = NULL;
case OPT_PRECERT:
newreq = precert = 1;
break;
+ case OPT_CIPHER:
+ cipher = EVP_get_cipherbyname(opt_arg());
+ if (cipher == NULL) {
+ BIO_printf(bio_err, "Unknown cipher: %s\n", opt_arg());
+ goto opthelp;
+ }
+ break;
case OPT_MD:
digest = opt_unknown();
break;
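Review bot: The new `case OPT_CIPHER:` accepts any name that `EVP_get_cipherbyname()` resolves, so an AEAD or XTS cipher passes option parsing even though it is not suitable for PEM private-key encryption; any failure then surfaces only when the key is written, after it has been generated. If this tree has the apps helper `opt_cipher()`, prefer it here, because it looks the name up through the loaded providers and rejects those modes up front, e.g. `if (!opt_cipher(opt_arg(), &cipher)) goto opthelp;`. That helper takes a non-const `EVP_CIPHER **`, so the `const` change to the declaration would need revisiting. The hunk does not show what happens when `-cipher` is combined with the no-encryption option, so confirm that case is either rejected or documented. The enclosing switch starts and ends outside the hunk.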
B<openssl> B<req>
[B<-help>]
+[B<-cipher>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
The data is a PKCS#10 object.
+=item B<-cipher> I<name>
+
+Specify the cipher to be used for encrypting the private key.
+The default cipher is 3DES (DES-EDE3-CBC).
+If no cipher is specified, 3DES will be used by default.
+You can override this by providing any valid OpenSSL cipher name.
+
=item B<-in> I<filename>
This specifies the input filename to read a request from.
openssl req -in req.pem -text -verify -noout
+Specify the cipher to be used for encrypting the private key:
+
+ openssl req -newkey rsa:2048 -keyout privatekey.pem -out request.csr -cipher aes-256-cbc
+
Create a private key and then generate a certificate request from it:
openssl genrsa -out key.pem 2048