> On Mar 25, 2019, at 1:53 PM, Kenneth Goldman <kgoldman@xxxxxxxxxx> wrote: > > > $ openssl ec -aes128 <<EOF > > This was the piece I was missing. Thanks. > > In the script, I used this: > > openssl ec -aes128 -passout pass:rrrr -in tmpecprivkeydec.pem -out tmpecprivkey.pem I try to avoid putting sensitive information in command-line arguments. If you're using "bash" (which has "printf" as a built-in) you could use: -passout file:<(printf "rrrr\n") which does not create any processes with the password in the argument vector. Example: $ openssl enc -aes128 -pass file:<(printf "rrrr\n") <<EOF | openssl enc -d -aes128 -pass file:<(printf "rrrr\n") > foobar > EOF foobar -- Viktor.
