-
Notifications
You must be signed in to change notification settings - Fork 42
How to change the private key password
If you find yourself needing to change the password on your private key without affecting the data that's already stored in your database, here's how to do it. The OpenSSL documentation is a little dense on this topic, but these step-by-step instructions should work.
First, move the old private key to a different location:
mv config/private.pem config/private_old.pem
Next, delete the old public key and key pair. Strictly speaking, you don't need to delete the public key, but if you want to regenerate it for some reason, you can do that:
rm config/keys/data/public.pem rm config/keys/data/keypair.pem
Now, change the password on the private key:
openssl rsa -in config/private_old.pem -out config/private.pem -des3
You'll be prompted for the old password first, followed by two prompts for a new password.
Now extract the public key and regenerate the key pair. Again, extracting the public key is optional, as it will be identical.
openssl rsa -in config/private.pem -out config/public.pem -outform PEM -pubout cat config/private.pem config/public.pem >> config/keypair.pem
That's it. Don't forget to change the password on your call to decrypt!