It expects two things, your password, hit return, followed by password confirmation, hit return. I tried to use EOF to pass the password out to the openssl command but it doesn’t pick it up.
The problem is that the way you have invoked openssl, it’s not reading the passwords from stdin but from the terminal directly, which is why it does not echo. You should read the section on PASS PHRASE ARGUMENTS in man openssl for how to get it to read stdin.
For security reasons, most programs requesting passwords will not read from
anything but a terminal by default.
To input the password/passphrase as you desire, you’ll need to slightly
adjust your command line in your script.
From the openssl man page (man openssl):
=====
PASS PHRASE ARGUMENTS
Several commands accept password arguments, typically using -passin and
-passout for input and output passwords respectively. These allow the
password to be obtained from a variety of sources. Both of these
options take a single argument whose format is described below. If no
password argument is given and a password is required then the user is
prompted to enter one: this will typically be read from the current
terminal with echoing turned off.
pass:password
the actual password is password. Since the password is
visible to utilities (like ‘ps’ under Unix) this form should
only be used where security is not important.
env:var
obtain the password from the environment variable var. Since
the environment of other processes is visible on certain
platforms (e.g. ps under certain Unix OSes) this option
should be used with caution.
file:pathname
the first line of pathname is the password. If the same
pathname argument is supplied to -passin and -passout
arguments then the first line will be used for the input
password and the next line for the output password. pathname
need not refer to a regular file: it could for example refer
to a device or named pipe.
fd:number
read the password from the file descriptor number. This can
be used to send the data via a pipe for example.
stdin
read the password from standard input.
So you have a variety of methods to choose from. For ease of use,
pass:xxx would work nicely in your situation:
One has to read the man page to understand the subtleties. The reason there are two options, -passin and -passout, is that passin is used when the input file is password protected and a password needs to be supplied to unlock it, and passout is used when password protecting the output file. Since “req” simply generates output, what you need is -passout, not -passin.