Dies ist eine mehrteilige Nachricht im MIME-Format.

------=_NextPart_000_0001_01C8941E.13239D50
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hello,



I am developing a program, which uses openssl.

It batches the generation of Certificates/Private Key-Pairs.



Here an example of a (simple) console call:

openssl.exe req -days 3650 -new -keyout example.key -out example.csr -config
config.tmp



First question:

When using the option req, is it possible to change the cipher which is used
to encrypt the private key? -> The signing digest is changeable (option
"-sha1","-md5",.).

(A commandline-argument or an entry for the config-file would be fine)



My second question:

Is it possible to encrypt a Certificate Request by a password, so that a
Certificate can only be created from that Request with knowing the password?



My third (last) question:

If I omit the option -nodes, the private key file will be encrypted. The
password is asked during the creation progress by openssl. It says "Enter
PEM-Passphrase:"

Is there a way to deliver the Passphrase via a command-line argument,
instead of entering it during generation process? I don't want to save the
passphrase on disc in an file (i.e. in the openssl config-file with the
entries

input_password = mysecret

output_password = mysecret

), to higher the security level.





Thank you for your patience and for your very qood work!

Kind regards,



Frank Wendel


------=_NextPart_000_0001_01C8941E.13239D50
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

xmlns=3D"urn:schemas-microsoft-comfficeffice" =
xmlns:w=3D"urn:schemas-microsoft-comffice:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">









Hello,>>



>



I am developing a program, which =
uses
openssl.>>



It batches the generation of
Certificates/Private Key-Pairs.>>



>



Here an example of a (simple) =
console call:>>



New"'>openssl.exe
req –days 3650 –new –keyout example.key –out
example.csr –config config.tmp>>



>



First =
question:>>



When using the option =
req, is it
possible to change the cipher which is used to encrypt the private key? =
->
The signing digest is changeable (option
“-sha1”,”-md5”,…).>>



(A commandline-argument or an =
entry for the
config-file would be fine)>>



> style=3D'text-decoration:none'> >



My second =
question:
lang=3DEN-US> >>



Is it possible to encrypt a =
Certificate
Request by a password, so that a Certificate can only be created from =
that
Request with knowing the password?>>



>



My third (last) =
question:>>



If I omit the option =
–nodes,
the private key file will be encrypted. The password is asked during the
creation progress by openssl. It says “Enter =
PEM-Passphrase:
>>



Is there a way to deliver the =
Passphrase
via a command-line argument, instead of entering it during generation =
process?
I don’t want to save the passphrase on disc in an file (i.e. in =
the
openssl config-file with the entries>>



New"'>input_password
=3D mysecret>>



New"'>output_password
=3D mysecret>>



), to higher the security =
level.>>



>



>



Thank you for your patience and =
for your
very qood work!>>



Kind =
regards,>>



>



Frank =
Wendel>>









------=_NextPart_000_0001_01C8941E.13239D50--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org