1717880 – [RFE] Add support for password-protecting the keyfile

Bug 1717880 - [RFE] Add support for password-protecting the keyfile

Summary: [RFE] Add support for password-protecting the keyfile

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 8
Classification:	Red Hat
Component:	sscg
Sub Component:
Version:	8.0
Hardware:	All
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	8.0
Assignee:	Stephen Gallagher
QA Contact:	Branislav Náter
Docs Contact:	Lenka Špačková
URL:
Whiteboard:
Depends On:
Blocks:	1672285
TreeView+	depends on / blocked

Reported:	2019-06-06 11:50 UTC by Stephen Gallagher
Modified:	2020-12-16 09:35 UTC (History)
CC List:	2 users (show)
Fixed In Version:	sscg-2.3.3-7.el8
Doc Type:	Enhancement
Doc Text:	.`sscg` now supports generating private key files protected by a password The `sscg` utility is now able to generate private key files protected by a password. This adds another level of protection for private keys, and it is required by some services, such as FreeRADIUS.
Clone Of:
Environment:
Last Closed:	2020-04-28 15:39:11 UTC
Type:	Bug
Target Upstream Version:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	sgallagher sscg issues 14	0	'None'	closed	Add support for password-protecting the keyfile	2021-01-14 04:43:45 UTC
Red Hat Product Errata	RHEA-2020:1612	0	None	None	None	2020-04-28 15:39:17 UTC

Description Stephen Gallagher 2019-06-06 11:50:44 UTC

Description of problem:
sscg generates certificates to use in place of self-signed certificates for testing environments and automatic defaults (such as mod_ssl, tog_pegasus and cockpit). Currently, it only supports creating passwordless keyfiles, since most of the current users don't need it to be protected. However, FreeRADIUS will need a password (BZ #1672285) so we should add this functionality so we can migrate FreeRADIUS to using sscg like the other services in RHEL 8.

Version-Release number of selected component (if applicable):
sscg-2.3.3-6.el8

How reproducible:
Every time

Steps to Reproduce:
1. Run `sscg` with any set of available arguments
2.
3.

Actual results:
Certificates and their keys are created, but the keyfiles cannot be created with a password.


Expected results:
There should be an option to provide the password either at the command-line or via standard input.


Additional info:

Comment 1 Stephen Gallagher 2019-06-06 14:25:34 UTC

Pull-request under review upstream:

https://github.com/sgallagher/sscg/pull/15

Comment 15 errata-xmlrpc 2020-04-28 15:39:11 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:1612

Note You need to log in before you can comment on or make changes to this bug.