OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:3" - RSA Public Exponent

Q

How to generate a new RSA key pair with a different public exponent using OpenSSL "genpkey" command?

✍: FYIcenter.com

A

If you need a new RSA key pair with a different public exponent for testing purpose, you can use the OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:nnn" command. The "-pkeyopt rsa_keygen_pubexp:nnn" option specifies the public exponent of the RSA key to be generated. The default is 65537 (0x10001).

C:\Users\fyicenter>\local\openssl\openssl
OpenSSL> genpkey -algorithm rsa -out rsa_test.key -pkeyopt rsa_keygen_bits:256 
   -pkeyopt rsa_keygen_pubexp:3
.......+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++

OpenSSL> pkey -in rsa_test.key -text -noout
Private-Key: (256 bit)
modulus:
    00:ca:80:eb:92:d7:16:1e:4a:3d:6e:52:26:cb:14:
    b9:56:b2:ed:d2:c1:62:51:5a:23:50:22:90:32:50:
    8a:b8:c7
publicExponent: 3 (0x3)
privateExponent:
    00:87:00:9d:0c:8f:64:14:31:7e:49:8c:19:dc:b8:
    7b:8d:f1:70:b8:4d:46:04:b7:f2:44:26:98:0e:59:
    48:f8:bb
prime1:
    00:f6:3a:bf:bd:6b:a2:04:20:c4:6f:f3:32:78:65:
    6e:4d
prime2:
    00:d2:89:fe:90:0d:a8:42:17:25:78:b8:ea:52:37:
    d5:63
exponent1:
    00:a4:27:2a:7e:47:c1:58:15:d8:4a:a2:21:a5:98:
    f4:33
exponent2:
    00:8c:5b:ff:0a:b3:c5:81:64:c3:a5:d0:9c:36:cf:
    e3:97
coefficient:
    60:c1:e8:18:d0:b7:e8:32:f3:2a:04:3d:5a:d5:c9:
    51

What this test tells us:

  • OpenSSL allows you to generate RSA keys with a default public exponent of 65537.
  • If you don't like it, you can provide your own selection of public exponent of 3, for example. The private key and public key seem to be good.

 

OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:1" - Bad RSA Key

OpenSSL "genpkey rsa_keygen_bits:10240" - RSA Long Keys

OpenSSL "genpkey" Command for RSA Keys

⇑⇑ OpenSSL Tutorials

2018-01-06, 4724🔥, 0💬