I'm writing a script that automatically enters the user's input for an openssl command, but I can't find a way of entering the required passphrase automatically by the script. What I've tried:
spawn sudo openssl x509 -req -in client.csr -CA /etc/mosquitto/ca_certificates/ca.crt -CAkey /etc/mosquitto/ca_certificates/ca.key -CAcreateserial -out client.crt -days 15;
expect 'Enter pass phrase for /etc/mosquitto/ca_certificates/ca.key:'
send '1234\n'
Doesn't work (spawn and send not found)
printf '1234\n' | sudo openssl x509 -req -in client.csr -CA /etc/mosquitto/ca_certificates/ca.crt -CAkey /etc/mosquitto/ca_certificates/ca.key -CAcreateserial -out client.crt -days 15;
Doesn't work, stays waiting for the passphrase and the program never finishes, unless I enter '1234' manually.
In other cases, it works with printf:
printf 'ES\n\n\n\n\nclient'$n'\n\n\n\n' | sudo openssl req -out client.csr -key client.key -new;
My guess is that printf doesn't work if the input is hidden. Any ideas?
Found a way of doing it without using expect:
You basically need to include
--passin pass:'your_passphrase'
in the command. For example:
sudo openssl x509 -req -in client.csr -CA /etc/mosquitto/ca_certificates/ca.crt -CAkey /etc/mosquitto/ca_certificates/ca.key -CAcreateserial -out client.crt --passin pass:1234 -days 15;
Source
There are other ways of doing it, such as loading a password file, which is more secure, as discussed here
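The following script is an added example, not code from the question or either answer. It shows the two points above in runnable form: piping the passphrase into openssl does nothing unless you tell openssl to read it from stdin (by default it prompts on /dev/tty, not stdin), and a password file handed over through `-passin fd:` or `-passin file:` keeps the passphrase out of `ps` output and shell history, unlike `-passin pass:`. The CA key, CA certificate, CSR and the passphrase file are all generated into a temporary directory so the script runs stand-alone; the passphrase "1234", the file names and the subject names are constructed for the example only.

```shell
#!/bin/sh
# Added example: sign a CSR with a passphrase-protected CA key without
# putting the passphrase on the command line.  Not from the original post.
set -eu

# Build a throwaway CA (key encrypted with "1234"), a client key and a CSR in
# $1 so the rest of the script can run without any pre-existing files.
setup_demo() {
  dir=$1
  # Passphrase file: one line, readable only by the owner.
  printf '1234\n' > "$dir/ca.pass"
  chmod 600 "$dir/ca.pass"
  # Encrypted CA key; -passout file: reads the passphrase from the file.
  openssl genrsa -aes256 -passout file:"$dir/ca.pass" -out "$dir/ca.key" 2048 2>/dev/null
  # Self-signed CA certificate; -passin file: unlocks the CA key.
  openssl req -new -x509 -key "$dir/ca.key" -passin file:"$dir/ca.pass" \
    -subj '/C=ES/CN=demo-ca' -days 15 -out "$dir/ca.crt" 2>/dev/null
  # Unencrypted client key and a CSR for it.
  openssl genrsa -out "$dir/client.key" 2048 2>/dev/null
  openssl req -new -key "$dir/client.key" -subj '/C=ES/CN=client1' \
    -out "$dir/client.csr" 2>/dev/null
}

# sign_csr CSR CA_CRT CA_KEY PASS_FILE OUT
# The passphrase file is opened on fd 3 and openssl reads it with -passin fd:3,
# so the secret is never an argument and stdin stays free for other input.
sign_csr() {
  openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
    -passin fd:3 -days 15 -out "$5" 3< "$4" 2>/dev/null
}

# sign_csr_stdin CSR CA_CRT CA_KEY OUT   (passphrase piped on stdin)
# This is the fix for the printf attempt in the question: without
# "-passin stdin", openssl ignores the pipe and prompts on /dev/tty.
sign_csr_stdin() {
  openssl x509 -req -in "$1" -CA "$2" -CAkey "$3" -CAcreateserial \
    -passin stdin -days 15 -out "$4" 2>/dev/null
}

# verify_cert CA_CRT CERT: exit 0 if CERT chains to CA_CRT.
verify_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Stand-alone demo: run as "sh script.sh --demo".
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  setup_demo "$d"
  sign_csr "$d/client.csr" "$d/ca.crt" "$d/ca.key" "$d/ca.pass" "$d/client.crt"
  verify_cert "$d/ca.crt" "$d/client.crt" && echo "fd:3 signing OK"
  printf '1234\n' | sign_csr_stdin "$d/client.csr" "$d/ca.crt" "$d/ca.key" "$d/client2.crt"
  verify_cert "$d/ca.crt" "$d/client2.crt" && echo "stdin signing OK"
  rm -rf "$d"
fi
```

One caveat when the command is run under sudo as in the question: sudo closes inherited file descriptors above 2 by default (its `closefrom` setting), so `-passin fd:3` will not see the file you opened in the calling shell; with sudo, use `-passin file:/path/to/ca.pass` with a file readable only by root instead, which is equivalent in security and survives the privilege change.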
The process that creates a password protected key file needs a password which gets used to store this output file. So, the -passin argument you use is for reading an input file. From the documentation:
Instead you need the proper option to specify the output password, i.e.
In this case to open the /etc/mosquitto/ca_certificates/ca.key key you need this: