OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:3" - RSA Public Exponent

Q

How to generate a new RSA key pair with a different public exponent using OpenSSL "genpkey" command?

✍: FYIcenter.com

A

If you need a new RSA key pair with a different public exponent for testing purpose, you can use the OpenSSL "genpkey -pkeyopt rsa_keygen_pubexp:nnn" command. The "-pkeyopt rsa_keygen_pubexp:nnn" option specifies the public exponent of the RSA key to be generated. The default is 65537 (0x10001).

C:\Users\fyicenter>\local\openssl\openssl
OpenSSL> genpkey -algorithm rsa -out rsa_test.key -pkeyopt rsa_keygen_bits:256 
   -pkeyopt rsa_keygen_pubexp:3
.......+++++++++++++++++++++++++++
.+++++++++++++++++++++++++++

OpenSSL> pkey -in rsa_test.key -text -noout
Private-Key: (256 bit)
modulus:
    00:ca:80:eb:92:d7:16:1e:4a:3d:6e:52:26:cb:14:
    b9:56:b2:ed:d2:c1:62:51:5a:23:50:22:90:32:50:
    8a:b8:c7
publicExponent: 3 (0x3)
privateExponent:
    00:87:00:9d:0c:8f:64:14:31:7e:49:8c:19:dc:b8:
    7b:8d:f1:70:b8:4d:46:04:b7:f2:44:26:98:0e:59:
    48:f8:bb
prime1:
    00:f6:3a:bf:bd:6b:a2:04:20:c4:6f:f3:32:78:65:
    6e:4d
prime2:
    00:d2:89:fe:90:0d:a8:42:17:25:78:b8:ea:52:37:
    d5:63
exponent1:
    00:a4:27:2a:7e:47:c1:58:15:d8:4a:a2:21:a5:98:
    f4:33
exponent2:
    00:8c:5b:ff:0a:b3:c5:81:64:c3:a5:d0:9c:36:cf:
    e3:97
coefficient:
    60:c1:e8:18:d0:b7:e8:32:f3:2a:04:3d:5a:d5:c9:
    51

What this test tells us:

  • OpenSSL allows you to generate RSA keys with a default public exponent of 65537.
  • If you don't like it, you can provide your own selection of public exponent of 3, for example. The private key and public key seem to be good.

 

OpenSSL "genpkey" Command for RSA Keys

⇒⇒OpenSSL Tutorials

2018-01-06, 830👍, 0💬