OpenSSL "genpkey rsa_keygen_bits:256" - RSA Short Keys

Q

How to generate a new RSA key pair with a shorter key size using OpenSSL "genpkey" command?

✍: FYIcenter.com

A

If you need a new RSA key pair with a shorter key size for testing purpose, you can use the OpenSSL "genpkey -pkeyopt rsa_keygen_bits:nnn" command. The "-pkeyopt rsa_keygen_bits:nnn" option specifies the size of the RSA key to be generated in number of bits. The default is 1024 bits.

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> genpkey -algorithm rsa -out rsa_test.key -pkeyopt rsa_keygen_bits:256
......+++++++++++++++++++++++++++
....+++++++++++++++++++++++++++

OpenSSL> pkey -in rsa_test.key -text -noout
Private-Key: (256 bit)
modulus:
    00:c6:bf:35:af:5e:96:42:5e:04:96:f1:ec:ad:86:
    d1:a9:91:87:7b:78:78:63:6d:b2:91:de:86:47:48:
    95:cc:4b
publicExponent: 65537 (0x10001)
privateExponent:
    00:be:db:f0:da:30:a3:6b:a8:8e:0f:c6:d3:da:f0:
    95:75:e8:31:4e:a0:17:ab:fb:f9:3e:1b:62:35:26:
    61:fd:c1
prime1:
    00:ec:43:b4:25:41:29:98:61:5e:06:10:ee:3d:37:
    96:07
prime2:
    00:d7:59:3a:5a:0e:67:25:e6:64:ff:04:a7:fc:88:
    66:9d
exponent1:
    63:0b:96:ef:af:3b:92:c7:ee:b4:b8:50:47:95:8f:
    ed
exponent2:
    00:d4:2c:a2:d4:76:1a:64:fa:22:8a:2c:d1:42:7c:
    35:f5
coefficient:
    00:80:a5:54:43:0f:18:97:bb:5f:72:20:24:7e:79:
    9b:6b

What this test tells us:

  • OpenSSL allows you to generate shorter RSA keys. The shortest ones with the "genpkey" commands are 256 bits. But don't use them in production systems. Any keys less than 2048-bit long is considered as unsafe.

 

OpenSSL "genpkey" Command for RSA Keys

⇒⇒OpenSSL Tutorials

2018-01-13, 759👍, 0💬