Generate Private and Public key OpenSSL

openssl rsa private-key public-key
43,313

Solution 1

'genrsa' generates just an RSA key.

'req' then uses that key to make a x509 style request.

If you just need a rsa key pair - use genrsa.

If you need a keypair and a signed x509 request you use 'genrsa' and then 'req'.

Optionally 'req' can also generate that key for you (i.e. it encapsulates the 'genrsa' command (and the gendh).

So:

 openssl genrsa -aes128 -out privkey.pem 2048
 openssl req -new -x509 -key privkey.pem

is almost equivalent to

 openssl req -new -x509 -keyout privkey.pem  -newkey rsa:2048

except that unlike 'genrsa', 'req' does not allow you to specify aes128 as the encryption.

So in a lot of enterprise settings one does it in two steps as to get sufficient control over the key encryption applied.

Solution 2

As I can see from the output, you choose wrong algorithm. Shouldn't you pass -aes128 instead of -aes-128-cbc?

From manual I assume that -aes-128-cbc is a proper parameter for openssl enc, but I don't know if it should work for genrsa.

Share:
43,313
kozla13
Author by

kozla13

Updated on July 05, 2022

Comments

  • kozla13
    kozla13 almost 2 years

    I have the following commands for OpenSSL to generate Private and Public keys:

    openssl genrsa –aes-128-cbc –out priv.pem –passout pass:[privateKeyPass] 2048

    and

    openssl req –x509 –new –key priv.pem –passin pass:[privateKeyPass] -days 3650 –out cert.cer

    ... but they are not working. For the first command I get the following error :

    usage: genrsa [args] [numbits]
 -des            encrypt the generated key with DES in cbc mode
 -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)
 -seed
                 encrypt PEM output with cbc seed
 -aes128, -aes192, -aes256
                 encrypt PEM output with cbc aes
 -camellia128, -camellia192, -camellia256
                 encrypt PEM output with cbc camellia
 -out file       output the key to 'file
 -passout arg    output file pass phrase source
 -f4             use F4 (0x10001) for the E value
 -3              use 3 for the E value
 -engine e       use engine e, possibly a hardware device.
 -rand file:file:...
                 load the file (or the files in the directory) into
                 the random number generator

    What am I doing wrong?

    Edit: I solved the first command :

    openssl genrsa -aes128 -out privkey.pem 2048

    But now I'm getting an error with the second:

    unknown option –x509

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Generate RSA2 key in OpenSSH format
Can't import public key into OSX Keychain
How to export private key? (GnuPG)
Recover an SSH private key?
How do I import a RSA SSH key into GPG as the _primary_ private key?
How can I encrypt with a RSA private key in python?
Encrypted Private Key to RSA Private Key
X.509: Private / Public Key
Differences between "BEGIN RSA PRIVATE KEY" and "BEGIN PRIVATE KEY"
RSA: Get exponent and modulus given a public key