Rod Gilchrist wrote:
>
>
> whoops, one missing snippet:
>
> /* Copies the password passed in userdata into buf (at most num-1 bytes). */
> static int read_password_callback(char *buf, int num, int w, void *userdata)
> {
>     char *pwd = (char *)userdata;
>
>     memset(buf, 0, (unsigned int)num);
>     strncpy(buf, pwd, num - 1);
>     return (int)strlen(buf);
> }
>
> BTW, pats on the back all around to Dr Steve and the OpenSSL team. You guys are
> doing a great job.
>
> For the other newbies (besides me that is) out there, you _can_ hack this code.
> The documentation is more hard-to-find than non-existent. Check out
> www.openssl.org under 'Related' (the Columbia link is good for subroutine and
> package documentation like this password thing) rather than 'Documents' on the
> home page.
>
Except this is all changing :-)

Anyway I'd omitted genrsa from my list of things to add command line
password support to. That's fixed now. With the latest snapshot you can
do:

    openssl genrsa -des3 -passout hello -out file.pem

or preferably use -envpassout for an environment variable. This is now
all documented in the command line manual pages.

There's also a new callback defined called PEM_cb which does this
automatically: if the extra parameter is NULL it prompts for the
password as normal; if it is not NULL then it is taken as the
null-terminated password to use.

So you can do:

    PEM_write_bio_PrivateKey(out, key, EVP_des3(), NULL, 0, PEM_cb, "hello");

Actually now I think about it this could be made the default behaviour
if the callback is NULL without breaking anything. Unless there is
something left over that uses a shared library from before the time when
the extra parameter was used.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
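
An added example, not part of the original thread and not OpenSSL's own code: the quoted callback silently truncates a password longer than num-1 bytes, so a key could end up encrypted under a shorter password than the caller supplied. The sketch below puts the quoted behaviour beside a checking variant; the names quoted_password_cb and checked_password_cb and the sample password are constructed for illustration, and -1 is used as the error return for a PEM password callback.

```c
#include <stdio.h>
#include <string.h>

/* Behaviour of the callback quoted in the thread: copies at most
 * num-1 bytes and returns the (possibly truncated) length. */
static int quoted_password_cb(char *buf, int num, int w, void *userdata)
{
    char *pwd = (char *)userdata;

    (void)w;
    memset(buf, 0, (unsigned int)num);
    strncpy(buf, pwd, num - 1);
    return (int)strlen(buf);
}

/* Checking variant (hypothetical name): same signature, but it fails
 * instead of truncating and rejects a missing password or buffer. */
static int checked_password_cb(char *buf, int num, int w, void *userdata)
{
    const char *pwd = (const char *)userdata;
    size_t len;

    (void)w;
    if (buf == NULL || num <= 0 || pwd == NULL)
        return -1;                  /* nothing usable: report an error */

    len = strlen(pwd);
    if (len >= (size_t)num)
        return -1;                  /* would not fit with its NUL byte */

    memcpy(buf, pwd, len + 1);      /* copy including the terminator */
    return (int)len;
}

int main(void)
{
    char small[8];                  /* constructed: deliberately short */
    char pwd[] = "correcthorse";    /* constructed sample password */

    printf("quoted:  %d\n", quoted_password_cb(small, (int)sizeof small, 1, pwd));
    printf("checked: %d\n", checked_password_cb(small, (int)sizeof small, 1, pwd));
    return 0;
}
```
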