Comments (2)
commented on July 30, 2024
I agree.
Newly create private keys by default (still) use DES-EDE3-CBC. Test by running easyrsa build-ca and check ./pki/private/ca.key. Unless there is a specific reason, or an even better algorithm choice, using -aes256 would be preferable.
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC, ...
...
-----END RSA PRIVATE KEY-----
NOTE: the patch 8b42eea in #61 (see v3.0.0 changelog) seems to only affect the easyrsa set-rsa-pass and easyrsa set-ec-pass commands thought the set_pass() function. This is not enough.
from easy-rsa.
uwehermann
commented on July 30, 2024
I can confirm the problem. My temporary workaround is to use nopass for most commands, directly followed by an ./easy-rsa set-rsa-pass foo to get the desired result.
Btw., issue #17 seems related.
from easy-rsa.
Related Issues (20)
- LibreSSL: `build-*-full` uses an incorrect SSL config file HOT 1
- UT failure from `easyrsa-tools.lib` for command `show-expire`
- Importing the CA certificates for OpenVPN clients and internal domains. HOT 1
- Outline use and expansion of `openssl-easyrsa.cnf` HOT 1
- Windows 7: `gen-crl` always prompts for over-write
- `display_dn()`: Remove unnecessary subshell
- `sign-req`: `--cop-ext` is removed by `--force-safe-ssl`
- Command `write`: Allow to specify target file instead of directory
- Use of `revoke` when `revoke-expired` is intended
- one location HOT 1
- Command `revoke` must not move key and request files
- `gen-req` overwrites an existing request without confirmation
- Need Guide for Upgrading 3.0.8 to 3.1.1 HOT 1
- Understanding how to renew/revoke HOT 2
- subjectAltName should be mandatory HOT 6
- Generate client certs and keys non-interactively on Windows HOT 3
- Consider re-adding `renew` for v3.2.1 - Only v3.2.0 does not have `renew`
- Signing a CSR gives strange result HOT 3
- show-expire bug - fails to parse date HOT 4
- Generate CRLs in DER format
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from easy-rsa.