diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2be3197..1aa0a78 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 * verify_ca_password() looks for a previously set password and verifies it
 * Extract cert_end_date() function
 * Extract is_user() and is_group() functions
+* Extract ask_user_password() function
 * Extract variables for files
 * Use inline pass phrase arguments
 
diff --git a/shellpki b/shellpki
index 6657358..2bc02e0 100755
--- a/shellpki
+++ b/shellpki
@@ -214,7 +214,7 @@ ask_ca_password() {
     fi
     if [ -z "${CA_PASSWORD}" ]; then
         stty -echo
-        printf "Password for CA key : "
+        printf "Password for CA key: "
         read -r CA_PASSWORD
         stty echo
         printf "\n"
@@ -225,6 +225,19 @@ ask_ca_password() {
         ask_ca_password "${attempt}"
     fi
 }
+ask_user_password() {
+    trap 'unset PASSWORD' 0
+
+    stty -echo
+    printf "Password for user key: "
+    read -r PASSWORD
+    stty echo
+    printf "\n"
+
+    if [ -z "${PASSWORD}" ]; then
+        warning "Warning: empty password from input"
+    fi
+}
 
 create() {
     from_csr=0
@@ -435,16 +448,7 @@ create() {
         ask_ca_password 0
 
         if [ "${ask_pass}" -eq 1 ]; then
-            trap 'unset PASSWORD' 0
-            stty -echo
-            printf "Password for user key : "
-            read -r PASSWORD
-            stty echo
-            printf "\n"
-
-            if [ -z "${PASSWORD}" ]; then
-                warning "Warning: empty password from input"
-            fi
+            ask_user_password
         fi
 
         # generate private key