Thank you for the fix! Was the switch from an encrypted key to an unencrypted one intentional, though?
`openssl genpkey -algorithm RSA -pass pass:foobar -out issuing_ca_key.pem` will ignore the password and generate an unencrypted key; you need to specify a cipher if you want to encrypt the key.
Thank you for the fix! Was the switch from an encrypted key to an unencrypted one intentional, though?
`openssl genpkey -algorithm RSA -pass pass:foobar -out issuing_ca_key.pem` will ignore the password and generate an unencrypted key; you need to specify a cipher if you want to encrypt the key.
# Legacy (encrypted) CBC,F313F3AC3E2 BD922
openssl genrsa -passout pass:foobar -des3 -out - 2048 2>/dev/null | head -3
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-
# Update (unencrypted)
openssl genpkey -algorithm RSA -pass pass:foobar -out - 2>/dev/null | head -1
-----BEGIN PRIVATE KEY-----
# Proposed (encrypted)
openssl genpkey -algorithm RSA -pass pass:foobar -aes-256-cbc -out - 2>/dev/null | head -1
-----BEGIN ENCRYPTED PRIVATE KEY-----