OpenSSL and Key Passphrases

OpenSSL question:

I know you can create new keys easily using Ruby's OpenSSL module:

   require 'openssl'

   key = OpenSSL::PKey::DSA.new( 1024 )

However, is there a way to generate a new key that is protected by a passphrase? I've picked through the ossl source code and don't see an obvious answer to this question, so I figure it's either not possible, or the procedure for doing it is non-obvious.

Thanks for any advice!

- Jamis

Jamis Buck wrote:

OpenSSL question:

I know you can create new keys easily using Ruby's OpenSSL module:

  require 'openssl'

  key = OpenSSL::PKey::DSA.new( 1024 )

However, is there a way to generate a new key that is protected by a passphrase? I've picked through the ossl source code and don't see an obvious answer to this question, so I figure it's either not possible, or the procedure for doing it is non-obvious.

Thanks for any advice!

- Jamis

Duh. It always happens that way. I get desperate, ask the question, and then discover the answer:

   require 'openssl'

   key = OpenSSL::PKey::DSA.new( 1024 )
   puts key.export( OpenSSL::Cipher::DES.new, "howdy howdy" )

*sigh* Sorry for the noise.

I've written an SSL certificate generator tool called QuickCert that
handles a surprising amount of SSL-foo. (More than even I know it does,
probably, since its a compilation of support scripts I found lying
about.) I wrote it to help with DRb over SSL, but it is equally
suitable for use anywhere an SSL certificate or key is needed. You can
download it from:

http://segment7.net/projects/ruby/QuickCert/