D.89. tarantella security decryptkey

Decrypts an encrypted private key so that you can use it with SGD. This enables you to use an SSL certificate that you are already using with another product such as a web server, rather than obtaining a separate SSL certificate for use exclusively with SGD.

Syntax

tarantella security decryptkey --enckey enckeyfile
                               --deckey deckeyfile
                             [ --format PEM|DER ]

Description

The following table shows the available options for this command.

Option

Description

--enckey

Specifies the location of the encrypted private key that you want to decrypt. Only keys encrypted by a product that uses SSLeay or OpenSSL certificate libraries can be decrypted.

You must specify the full path to the encrypted private key file. The path must be readable by the ttasys user.

--deckey

Specifies a file where the decrypted key is stored.

Note

For security reasons, it is very important to restrict access to private keys, especially when stored in an unencrypted form. Access to private keys by unauthorized users can result in a serious security breach. Store private keys accordingly.

You must specify the full path to the decrypted key file. The path must be readable by the ttasys user.

--format

Specifies the format the encrypted key is stored in. Defaults to PEM.

Note

You can only decrypt private keys that were originally encrypted by a product that uses SSLeay or OpenSSL certificate libraries.

See Section D.87, “tarantella security certuse” for information about how to share server SSL certificates in this way.

Examples

The following example decrypts the key /opt/keys/key1, which is stored in DER format, placing the decrypted key in /opt/keys/key2.

# tarantella security decryptkey \
--enckey /opt/keys/key1 \
--deckey /opt/keys/key2 \
--format DER
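
A check to run on the decrypted key file, following the note on --deckey above. This is an added example, not part of the SGD documentation: it reports whether a key file holds a plaintext PEM key and whether any group or other permission bits are set. The function names are hypothetical, and the script assumes the file is PEM text (DER or other binary content is reported as unknown).

```shell
#!/bin/sh
# Added example: audit a private key file such as the --deckey output.
# Assumption: the file is PEM text; anything else is reported as "unknown".

# Print "encrypted", "plaintext" or "unknown" for a PEM private key file.
key_state() {
    if grep -Eq -e '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"; then
        echo encrypted   # traditional SSLeay/OpenSSL header, or PKCS#8 encrypted block
    elif grep -Eq -e '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# Succeed only if no group/other permission bits are set.
# ls -ld mode string: char 1 = type, 2-4 = owner, 5-7 = group, 8-10 = other.
mode_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Return 0: plaintext key with owner-only access; 1: group/other bits set;
# 2: not a regular file (missing, symlink, directory); 3: not a plaintext PEM key.
audit_key() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "FAIL $1: not a regular file"; return 2
    fi
    if ! mode_is_private "$1"; then
        echo "FAIL $1: group/other permission bits set ($(key_state "$1") key)"; return 1
    fi
    state=$(key_state "$1")
    if [ "$state" != plaintext ]; then
        echo "WARN $1: $state content, expected a decrypted PEM key"; return 3
    fi
    echo "OK $1: plaintext key, owner-only access"
}

# Stand-alone use: sh audit_key.sh /opt/keys/key2
if [ $# -gt 0 ]; then audit_key "$1"; fi
```

The script checks mode bits and file content only; file ownership and the permissions of the containing directory need a separate check.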