OpenSSL enforces the minimum password length to be 4 characters. However, this enforcement should be only applied during encryption, not decryption. The current version does not allow decrypting when the prompted-for password is too short:
$ openssl rsa -check -in rsa.key -noout Enter pass phrase for rsa.key: 1312:error:28069065:lib(40):UI_set_result:result too small:crypto/ui/ui_lib.c:847:You must type in 4 to 511 characters Enter pass phrase for rsa.key: Specifying the password on the command line works as expected: $ openssl rsa -check -in rsa.key -passin pass:foo -noout RSA key ok $ ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
