> From: Viktor Dukhovni <openssl-us...@dukhovni.org> > > > > In the script, I used this: > > > > openssl ec -aes128 -passout pass:rrrr -in tmpecprivkeydec.pem > -out tmpecprivkey.pem > > I try to avoid putting sensitive information in command-line arguments. > > If you're using "bash" (which has "printf" as a built-in) you could use: > > -passout file:<(printf "rrrr\n") > > which does not create any processes with the password in the argument vector. > Example: > > $ openssl enc -aes128 -pass file:<(printf "rrrr\n") <<EOF | openssl > enc -d -aes128 -pass file:<(printf "rrrr\n") > > foobar > > EOF > foobar
Understood, but this is just for a regression test script. Thanks.