Generate Private and Public key OpenSSL
Solution 1
'genrsa' generates just an RSA key.
'req' then uses that key to make an x509 style request.
If you just need an RSA key pair, use genrsa.
If you need a keypair and a signed x509 request you use 'genrsa' and then 'req'.
Optionally 'req' can also generate that key for you (i.e. it encapsulates the 'genrsa' command (and the gendh)).
So:
openssl genrsa -aes128 -out privkey.pem 2048
openssl req -new -x509 -key privkey.pem
is almost equivalent to
openssl req -new -x509 -keyout privkey.pem -newkey rsa:2048
except that unlike 'genrsa', 'req' does not allow you to specify aes128 as the encryption.
So in a lot of enterprise settings one does it in two steps so as to get sufficient control over the key encryption applied.
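The two flows this answer compares, written as shell functions together with two checks to run afterwards: is the key file really encrypted, and does the certificate carry that key's public half. This is an added example, not part of the original answer; it assumes openssl is on PATH, and the pass phrase, subject name, validity period and file names are constructed.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes openssl is on PATH.
# Pass phrase, subject, validity and file names are constructed sample values.

# Two-step flow: genrsa picks the key cipher, req signs with that key.
two_step() {  # $1 = output dir, $2 = pass phrase
    openssl genrsa -aes128 -passout "pass:$2" -out "$1/privkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/privkey.pem" -passin "pass:$2" \
        -subj "/CN=example.test" -days 30 -out "$1/cert.pem" 2>/dev/null
}

# One-step flow: req generates the key itself and applies its own default cipher.
one_step() {  # $1 = output dir, $2 = pass phrase
    openssl req -new -x509 -newkey rsa:2048 -keyout "$1/privkey.pem" \
        -passout "pass:$2" -subj "/CN=example.test" -days 30 \
        -out "$1/cert.pem" 2>/dev/null
}

# Succeeds only if the key file is encrypted and a wrong pass phrase is rejected.
key_is_protected() {  # $1 = key file
    grep -q 'ENCRYPTED' "$1" &&
    ! openssl pkey -in "$1" -passin pass:wrong-phrase -noout 2>/dev/null
}

# Succeeds only if the certificate carries the public half of the private key.
cert_matches_key() {  # $1 = key file, $2 = cert file, $3 = pass phrase
    key_pub=$(openssl pkey -in "$1" -passin "pass:$3" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
two_step "$work" 'constructed-pass' &&
    key_is_protected "$work/privkey.pem" &&
    cert_matches_key "$work/privkey.pem" "$work/cert.pem" 'constructed-pass' &&
    echo "two-step: key encrypted, certificate matches key"
rm -rf "$work"
```

Passing the pass phrase as `pass:...` on the command line exposes it to other local users through the process list; openssl also accepts `file:` and `env:` sources for `-passin` and `-passout`.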
Solution 2
As I can see from the output, you chose the wrong algorithm.
Shouldn't you pass -aes128 instead of -aes-128-cbc?
From the manual I assume that -aes-128-cbc is a proper parameter for openssl enc, but I don't know if it should work for genrsa.
kozla13
Updated on July 05, 2022
I have the following commands for OpenSSL to generate Private and Public keys:
openssl genrsa –aes-128-cbc –out priv.pem –passout pass:[privateKeyPass] 2048
and
openssl req –x509 –new –key priv.pem –passin pass:[privateKeyPass] -days 3650 –out cert.cer
... but they are not working. For the first command I get the following error:
usage: genrsa [args] [numbits]
 -des            encrypt the generated key with DES in cbc mode
 -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)
 -seed           encrypt PEM output with cbc seed
 -aes128, -aes192, -aes256
                 encrypt PEM output with cbc aes
 -camellia128, -camellia192, -camellia256
                 encrypt PEM output with cbc camellia
 -out file       output the key to 'file
 -passout arg    output file pass phrase source
 -f4             use F4 (0x10001) for the E value
 -3              use 3 for the E value
 -engine e       use engine e, possibly a hardware device.
 -rand file:file:...
                 load the file (or the files in the directory) into the random number generator
What am I doing wrong?
Edit: I solved the first command:
openssl genrsa -aes128 -out privkey.pem 2048
But now I'm getting an error with the second:
unknown option –x509