There is the option to protect private keys with a password (passed to the constructor of EvseSecurity).
The result is a PEM file that starts "-----BEGIN ENCRYPTED PRIVATE KEY-----"
When there is no password the following would be expected: "-----BEGIN PRIVATE KEY-----"
(TPM keys start with other strings)
At the moment when there is no password specified an empty password is used and the resulting file is still "-----BEGIN ENCRYPTED PRIVATE KEY-----".
I was hoping to use a generated key for mosquitto TLS and mosquitto doesn't support encrypted private key files.
My work around is to use OpenSSL to remove the encryption:
There is the option to protect private keys with a password (passed to the constructor of EvseSecurity). The result is a PEM file that starts "-----BEGIN ENCRYPTED PRIVATE KEY-----" When there is no password the following would be expected: "-----BEGIN PRIVATE KEY-----" (TPM keys start with other strings)
At the moment when there is no password specified an empty password is used and the resulting file is still "-----BEGIN ENCRYPTED PRIVATE KEY-----".
I was hoping to use a generated key for mosquitto TLS and mosquitto doesn't support encrypted private key files. My work around is to use OpenSSL to remove the encryption:
Perhaps EvseSecurity should be updated to generate unencrypted key files when no password is specified (which would match expectation).