OpenSSL "genrsa" - Generate RSA Key Pair

Q

How to generate a new RSA key pair using OpenSSL "genrsa" command?

✍: FYIcenter.com

A

If you need a new RSA key pair in order to create a new certificate, you can use the OpenSSL "genrsa" command as shown below:

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> genrsa -out my_rsa.key
Generating RSA private key, 2048 bit long modulus
..........................+++
.........................................................
...................+++
e is 65537 (0x10001)
OpenSSL> exit

C:\Users\fyicenter>type my_rsa.key
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAx1SQU1GfsBNB6XU2nqrwIHm1ImXPAcsInQNfhFcpzpku3Kmm
0LpDZF1oqkqLNLlh0qVIIlfuMNnVNLAozbUbaJalFUdSGPAVl7jFRZxpDai+d4U2
we14MO3kTwy7H3ZeRKzWklL2FCeKo2c20gzFOfxdePwSx9lBT7efFNc5NHRPdPbP
/e1Zx1VqB8wAKTgRwafQmFfYUbbk2Cc5ftZ8yhWc43+2qWzhWm6Ig8knbapPLMPw
6bFzwD+ck+6d7zbCG++NrBuXH858iDJfzLgrwic7fW0cRiF+yBpiTmAw6G9HH0CQ
u8HNBgMfXZIuYjZER4MObmqSGiRTyN9mEFtSWwIDAQABAoIBAQCcA20fOZDSQJBj
SNHiaIqf8IK8lJDsp1xrgHtfWtWnFbBfGA4v6snaoV3Ng6DnOH3/YExQTSBqbeT5
YzPcpfb46of1WqhASpGr+fu1m1GCVmQVqleMe/CJ43jCAoXnfz8TY3BigLqIVdam
RJ/c0hAAba0/h5SvhTUgTukdZ8MncMwd9XXcykJdsM0Je9Sk7P2VqJ9L0wA0wxJk
+zUgCLRA6rbOautqvqg4NH6C37nvW6YylLbuElKrnmp+18aEU+wwBPh7kX/dwPe5
8A28tZ2FHeHCy0CFoA2ynd4S9eTJHL96JnEDoOh3EXf8Lza+k6sDDl1PRzZLGrvp
3IeOzM5hAoGBAOY9zW13hI7AINhoLYDiTUKIwEDBdArhHFPghVyyOn4RNC9jOzLK
BsP42JaOYfMfJo8cWswEMqCG0P8ApnRhktCtvVCs/qXonC7+TMefTtM+vKnnCfWJ
KO2MvIpPubZT2FVcpKVhNeUyXURLh1UO8TzNBTXHUmSyDeC/K3b59p0rAoGBAN2h
dOAs9vaoTjuKtB8U6/wXPa/ylkQmmYW+LQYU2eYR4CgPKfNDPP8JxmvveRO94Aa4
yzHUGz28rFNRGnNJNIb5KFlfBnJieh4DJyjPagX6Utpy6b64xp+U+PUcj1pewweV
0AWYO4EY9GE5Ke599p8rHKt2neV6fQiv7+zvUGeRAoGAfrdC6V1fCkW5jgEAEi/6
f4TN8pXF7Prp4Uvveg3pXVrQksgVW6WOxaqeYXYpeGoLibX8Ts58opawTbgo5GKT
L+B/Efi0CdGUq9Rvo2oNMvwTT5sFgyoi6WKMnb61IiDRLmHXh+GRjPwEEsNSz0Bz
Cph3ppp1wU+xjaEJJej6jpMCgYAZdvWg1EnD6W6jtLohYBwFKP5zeuH9DppRHZq6
uiaXIrKop6VgR/d4Lj1YJXm55PUakJz4KrC+lTEPmZ/6Ywzf/Ty/mAV7mwkA7cfQ
DpTV/v8KDm4A9eYMa+d28kMeVQj/lB0Ep4seuClMCm9g8aQmgaOXp9dYiIxZNS3S
AWUxoQKBgEpy6PaaR03u7nCSP4/pN2jGg8UN3dF9HGiuGcYuKUSRqFCqNPfYp51T
eCJts46z8e6W9PJnpo+cFfWVZVmMXBjm3luPMHF5woM0DcZChpC7Feup2/YcM40l
ufqEwjm7at018CCXNEHLB0qJggO9pI7t90NRU3NInYtCxn0PCNFK
-----END RSA PRIVATE KEY-----

What this test tells us:

  • By default, OpenSSL generate 2048 bit long RSA keys.
  • The output is labeled as private key. But it actually contains two parts a private key and a matching public key as a key pair for encryption and decryption.
  • The output is not password protected, which is not recommended. Private keys must be kept private with a password.

 

OpenSSL "rsa" Command Options

OpenSSL "genrsa" Command Options

OpenSSL "genrsa" and "rsa" Commands

⇑⇑ OpenSSL Tutorials

2017-02-24, 3756🔥, 0💬