Results 1 to 4 of 4

Thread: openSSL doesn't act as expected from documentation

  1. #1
    Join Date
    Nov 2008
    Location
    Northern VA
    Posts
    301

    Default openSSL doesn't act as expected from documentation

    Getting to understand encryption (I hope) so started to work with openSSL 1.0.1k on openSuse 13.2/KDE (updated to current levels). Read the MAN pages, and got two third-party docs on how-to. Can't get started very well--generating a key pair doesn't seem to work. Took a command line from the docs:
    Code:
    openssl genrsa –des3 –out ca.key 2048 
    results in a help prompt menu. Substituting -aes256 or -aes128 for -des3 either does the same or returns to the (SU) prompt. There is no opportunity to enter a password. On one attempt a file 'ca.key' was created, but it was only the private key, encrypted with an unknown p/w.
    [aside: attempting to copy a command line from Konsole caused that app to crash]
    I've heard that cryptography was complex, but this is weird. Any idea of what's happening? Something wrong with my copy of the OS, KDE, libraries?
    Leap/KDE and a film-based photographer

  2. #2

    Default Re: openSSL doesn't act as expected from documentation

    The place from which you are copying/pasting is foolishly changing a nice
    normal hyphen/dash into a special one that is not valid. Use the keyboard
    to retype it, or use this one:

    Code:
    openssl genrsa -des3 -out ca.key 2048
    On 07/06/2015 09:56 AM, konsultor wrote:
    >
    > Getting to understand encryption (I hope) so started to work with
    > openSSL 1.0.1k on openSuse 13.2/KDE (updated to current levels). Read
    > the MAN pages, and got two third-party docs on how-to. Can't get
    > started very well--generating a key pair doesn't seem to work. Took a
    > command line from the docs:
    >
    > Code:
    > --------------------
    > *openssl genrsa –des3 –out ca.key 2048 *
    > --------------------
    > results in a help prompt menu. Substituting -aes256 or -aes128 for
    > -des3 either does the same or returns to the (SU) prompt. There is no
    > opportunity to enter a password. On one attempt a file 'ca.key' was
    > created, but it was only the private key, encrypted with an unknown p/w.
    >
    > [aside: attempting to copy a command line from Konsole caused that app
    > to crash]
    > I've heard that cryptography was complex, but this is weird. Any idea
    > of what's happening? Something wrong with my copy of the OS, KDE,
    > libraries?
    >
    >


    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...

  3. #3
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    11,286
    Blog Entries
    2

    Default Re: openSSL doesn't act as expected from documentation

    Quote Originally Posted by konsultor View Post
    Getting to understand encryption (I hope) so started to work with openSSL 1.0.1k on openSuse 13.2/KDE (updated to current levels). Read the MAN pages, and got two third-party docs on how-to. Can't get started very well--generating a key pair doesn't seem to work. Took a command line from the docs:
    Code:
    openssl genrsa –des3 –out ca.key 2048 
    results in a help prompt menu. Substituting -aes256 or -aes128 for -des3 either does the same or returns to the (SU) prompt. There is no opportunity to enter a password. On one attempt a file 'ca.key' was created, but it was only the private key, encrypted with an unknown p/w.
    [aside: attempting to copy a command line from Konsole caused that app to crash]
    I've heard that cryptography was complex, but this is weird. Any idea of what's happening? Something wrong with my copy of the OS, KDE, libraries?
    When I copied your cert generation command, I also got a help dialogue.
    But, when I typed the command in manually, it works fine.

    You probably have some kind of hidden characters in your text.

    I'd also caution you against using the filename "ca.key" unless you really are setting up an Authority. Recommend some other descriptive simple name if used for a specific task.

    TSU

  4. #4
    Join Date
    Jun 2008
    Location
    Netherlands
    Posts
    25,149

    Default Re: openSSL doesn't act as expected from documentation

    The character used there is U+2013 or EN DASH instead of U+002D or HYPEN-MINUS.

    You do not identify te document that contains this. It could be that it is not realy in that document for copy/paste, but when it is advertised there as something you could use directly, you may give them a hint that this is not realy as it should be.
    Henk van Velden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •