Home/ Questions/Q 6565803
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T14:08:25+00:00

I generate key/cert using openssl openssl.exe req -x509 -days 1000 -newkey rsa:1024 -keyout key.pem

  • 0

I generate key/cert using openssl

openssl.exe req -x509 -days 1000 -newkey rsa:1024 -keyout key.pem -out cert.pem

It prompts for a password. I guess that the password is used for key encryption. However I haven’t specified any cipher. What cipher is used in this case?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The default cipher is DES-EDE3-CBC, which is three-key triple DES EDE in CBC mode. You can see this in the source code file req.c.

    cipher=EVP_des_ede3_cbc();

    If you are using an OpenSSL version compiled with the option OPENSSL_NO_DES, then the library will not encrypt the key by default. This is the same behavior as if you pass the -nodes argument.

    An easier way to figure this out is just to look at your key file. It announces the cipher in the PEM header.

    $ cat key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CAFD88DF2EF2EE81
...
    • 0