I'm exporting a key from a pkcs12 pfx file using OpenSSL
openssl pkcs12 -in my.pfx -nocerts -out my.key -passout pass: -passin pass:But it generates an error:
Error outputting keys and certificates
18408:error:0907E06F:PEM routines:DO_PK8PKEY:read key:.\crypto\pem\pem_pk8.c:130:1 Answer
So as happens with many, while writing this question, I tried so many things I figured it out :-)
in some cases you can specify "-passin pass:" followed by nothing or "-passout pass:" and it accepts this as no password, but in at least the case above, for me it threw the error above. This may be a bug in the version I'm using, I don't know.
A great workaround that doesn't fail (for me yet at least) is to create a file, I'll call it emptypw.txt, and put just a single empty line (just an lf in Linux/Unix or just a cr-lf in Windows) and then specify this empty password file for input with "-passin file:emptypw.txt" or for output with "-passout file:emptypw.txt"
This should resolve anyone's issues automating exporting with OpenSSL where you must specify the input and output passwords to prevent it from prompting for these from the user, and one or both passwords need to be empty (no password).
