Question
I generate key/cert using openssl
openssl.exe req -x509 -days 1000 -newkey rsa:1024 -keyout key.pem -out cert.pem
It prompts for a password. I guess that the password is used for key encryption. However I haven't specified any cipher. What cipher is used in this case?
Answer 1:
The default cipher is DES-EDE3-CBC, which is three-key triple DES EDE in CBC mode. You can see this in the source code file req.c.
cipher=EVP_des_ede3_cbc();
If you are using an OpenSSL version compiled with the option OPENSSL_NO_DES, then the library will not encrypt the key by default. This is the same behavior as if you pass the -nodes argument.
An easier way to figure this out is just to look at your key file. It announces the cipher in the PEM header.
$ cat key.pem
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CAFD88DF2EF2EE81
...
Source: https://stackoverflow.com/questions/7402230/what-is-default-cipher-for-pem-format-in-openssl
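
The header check described in the answer can be scripted. This is an added example, not part of the original answer or of OpenSSL. It goes beyond the answer's case by also recognizing PKCS#8 "ENCRYPTED PRIVATE KEY" armor, where the cipher is stored inside the DER body rather than in a DEK-Info header. The name describe_pem_key and the sample key bodies are constructed for illustration.

```python
import re

BEGIN_RE = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$")
HEADER_RE = re.compile(r"^([A-Za-z0-9-]+):\s*(.*)$")

def describe_pem_key(text):
    """Return (label, encryption, cipher, iv_hex) for the first PEM block."""
    lines = iter(text.splitlines())
    label = None
    for line in lines:
        m = BEGIN_RE.match(line)
        if m:
            label = m.group(1)
            break
    if label is None:
        raise ValueError("no PEM BEGIN line found")
    # Header lines ("Name: value") sit between the BEGIN line and the body.
    headers = {}
    for line in lines:
        m = HEADER_RE.match(line)
        if not m:
            break  # blank line or base64 body ends the header section
        headers[m.group(1).lower()] = m.group(2).strip()
    if label == "ENCRYPTED PRIVATE KEY":
        # PKCS#8: the algorithm is inside the DER body, not in a text header.
        return (label, "pkcs8", None, None)
    if headers.get("proc-type", "").replace(" ", "") == "4,ENCRYPTED":
        if "dek-info" not in headers:
            raise ValueError("Proc-Type says ENCRYPTED but DEK-Info is missing")
        cipher, _, iv = headers["dek-info"].partition(",")
        return (label, "traditional", cipher.strip(), iv.strip())
    return (label, "none", None, None)

# Constructed samples: headers as in the key.pem shown above, placeholder bodies.
BODY = "cGxhY2Vob2xkZXI=\n"
TRADITIONAL = ("-----BEGIN RSA PRIVATE KEY-----\n"
               "Proc-Type: 4,ENCRYPTED\n"
               "DEK-Info: DES-EDE3-CBC,CAFD88DF2EF2EE81\n\n"
               + BODY + "-----END RSA PRIVATE KEY-----\n")
PKCS8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY
         + "-----END ENCRYPTED PRIVATE KEY-----\n")
PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\n" + BODY
         + "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, pem in (("traditional", TRADITIONAL), ("pkcs8", PKCS8), ("plain", PLAIN)):
        print(name, describe_pem_key(pem))
```

A result of "none" for a key file on disk means the private key is stored unencrypted, which is the same outcome the answer describes for -nodes.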