Generate OpenSSL RSA Key Pair from the Command Line (2024)

Table of Contents
The Commands to Run Generate a 2048 bit RSA Key Export the RSA Public Key to a File Do Not Run This, it Exports the Private Key Visually Inspect Your Key Files The Generated Key Files The private.pem file looks something like this: The public key, public.pem, file looks like: Protecting Your Keys Oh, and one last thing. Found an issue? FAQs

4 minutes estimated reading time.

Frank Rietta 01/27/2012 (Last Updated: 10/22/2019)

While Encrypting a File with a Password from the Command Line using OpenSSLis very useful in its own right, the real power of the OpenSSL library is itsability to support the use of public key cryptograph for encrypting orvalidating data in an unattended manner (where the password is not required toencrypt) is done with public keys.

The Commands to Run

Generate a 2048 bit RSA Key

You can generate a public and private RSA key pair like this:

openssl genrsa -des3 -out private.pem 2048

See Also
How Do I Convert the Format of a Private Key File?_Data Encryption Workshop_FAQs_KPS RelatedHow to convert a certificate into the appropriate formatAdministering Oracle Cloud Identity ManagementProving Possession of a Private Key - SSL.com

That generates a 2048-bit RSA key pair, encrypts them with a password you provideand writes them to a file. You need to next extract the public key file. You willuse this, for instance, on your web server to encrypt content so that it canonly be read with the private key.

Export the RSA Public Key to a File

This is a command that is

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

The -pubout flag is really important. Be sure to include it.

Next open the public.pem and ensure that it starts with-----BEGIN PUBLIC KEY-----. This is how you know that this file is thepublic key of the pair and not a private key.

To check the file from the command line you can use the less command, like this:

See Also
Breaking RSA Encryption - an Update on the State-of-the-Art - QuintessenceLabs

less public.pem

Do Not Run This, it Exports the Private Key

A previous version of the post gave this example in error.

openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM

The error is that the -pubout was dropped from the end of the command.That changes the meaning of the command from that of exporting the public keyto exporting the private key outside of its encrypted wrapper. Inspecting theoutput file, in this case private_unencrypted.pem clearly shows that the keyis a RSA private key as it starts with -----BEGIN RSA PRIVATE KEY-----.

Visually Inspect Your Key Files

It is important to visually inspect you private and public key files to makesure that they are what you expect. OpenSSL will clearly explain the nature ofthe key block with a -----BEGIN RSA PRIVATE KEY----- or -----BEGIN PUBLIC KEY-----.

You can use less to inspect each of your two files in turn:

  • less private.pem to verify that it starts with a -----BEGIN RSA PRIVATE KEY-----
  • less public.pem to verify that it starts with a -----BEGIN PUBLIC KEY-----

The next section shows a full example of what each key file should look like.

The Generated Key Files

The generated files are base64-encoded encryption keys in plain text format.If you select a password for your private key, its file will be encrypted withyour password. Be sure to remember this password or the key pair becomes useless.

The private.pem file looks something like this:

-----BEGIN RSA PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: DES-EDE3-CBC,32495A90F3FF199DlrMAsSjjkKiRxGdgR8p5kZJj0AFgdWYa3OT2snIXnN5+/p7j13PSkseUcrAFyokcV9pgeDfitAhb9lpdjxjjuxRcuQjBfmNVLPF9MFyNOvhrprGNukUh/12oSKO9dFEts39F/2h6Ld5IQrGt3gZaBB1aGO+tw3ill1VBy2zGPIDeuSz6DS3GG/oQ2gLSSMP4OVfQ32Oajo496iHRkdIh/7Hho7BNzMYr1GxrYTcE9/Znr6xgeSdNT37CCeCH8cmPaEAUgSMTeIMVSpILwkKeNvBURic1EWaqXRgPRIWK0vNyOCs/+jNoFISnV4pu1ROF92vayHDNSVw9wHcdSQ75XSE4Msawqv5U1iI7e2lD64uo1qhmJdrPcXDJQCiDbh+FhQhF+wAoLRvMNwwhg+LttL8vXqMDQl3olsWSvWPs6b/MZpB0qwd1bklzA6P+PeAUsfOvTqi9edIOfKqvXqTXEhBP8qC7ZtOKLGnryZb7W04SSVrNtuJUFRcLiqu+w/F/MSxGSGalYpzIZ1B5HLQqISgWMXdbt39uMeeooeZjkuI3VIllFjtybecjPR9ZYQPtFFEP1XqNXjLFmGh84TXtvGLWretWM1OZmN8UKKUeATqrr7zuh5AYGAIbXd8BvweLPigl9ei0hTculPqohvkoc5x1srPBvzHrirGlxOYjW3fc4kDgZpy+6ik5k5g7JWQDlbXCRz3HGazgUPeiwUr06a52vhgT7QuNIUZqdHb4IfCYs2pQTLHzQjAqvVk1mm2Dkh4myIcTtf69BFcu/Wuptm3NaKd1nwk1squR6psvcTXOWII81pstnxNYkrokx4r27YVllNruOD+cMDNZbIG2CwT6V9ukIS8tl9EJp8eyb0a1uAEc22BNOjYHPF50beWf*ckf3uc0SA+G3zhmXCM5sMf5OxVjKr5jgcir7kySY5KbmG71omYhczgr4H0qgxYo9Zyj2wMKrTHLfFOpd4OOEun9Gi3srqlKZep7Hj7gNyUwZu1qiBvElmBVmp0HJxT0NmktuaVbaFgBsTS0/us1EqWvCA4REh1Ut/NoA9oG3JFt0lGDstTw1j+orDmIHOmSu7FKYzr0uCz14AkLMSOixdPD1F0YyED1NMVnRVXw77HiAFGmb0CDi2KEg70pEKpn3ksa8oe0MQi6oEwlMsAxVTXOB1wblTBuSBeaECzTzWE+/DHF+QQfQi8kAjjSdmmMJyN+shdBWHYRGYnxRkTatONhcDBIY7sZV7wolYHz/rf7dpYUZf37vdQnYV8FpO1umYa0GslyRJ5GqMBfDS1cQKne+FvVHxEE2YqEGBcOYhx/JI2soE8aA8W4XffN+DoEyZkinJ/+BOwJ/zUI9GZtwB4JXqbNEE+j7r7/fJO9KxfPp4MPK4YWu0H0EUWONpVweTWtbRhQUCOe4PVSC/Vv1pstvMD/D+E/0L4GQNHxr+xyFxuvILty5lvFTxoAVYpqDu8gNhk3NWefTrlSkhY4N+tPP6o7E4t3y40nOA/d9qaqiid+lYcIDB0cJTpZvgeeQijohxY3PHruU4vVZa37ITQnco9az6lsy18vbU0bOyK2fEZ2R9XVO8fH11jiV8oGH-----END RSA PRIVATE KEY-----

The public key, public.pem, file looks like:

-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzYuc22QSst/dS7geYYK5l5kLxU0tayNdixkEQ17ix+CUcUbKIsnyftZxaCYT46rQtXgCaYRdJcbB3hmyrOavkhTpX79xJZnQmfuamMbZBqitvscxW9zRR9tBUL6vdi/0rpoUwPMEh8+Bw7CgYR0FK0DhWYBNDfe9HKcyZEv3max8Cdq18htxjEsdYO0iwzhtKRXomBWTdhD5ykd/fACVTr4+KEY+IeLvubHVmLUhbE5NgWXxrRpGasDqzKhCTmsa2Ysf712rl57SlH0Wz/Mr3F7aM9YpErzeYLrl0GhQr9BVJxOvXcVd4kmY+XkiCcrkyS1cnghnllh+LCwQu1sYwIDAQAB-----END PUBLIC KEY-----

Protecting Your Keys

Depending on the nature of the information you will protect, it’s important tokeep the private key backed up and secret. The public key can be distributedanywhere or embedded in your web application scripts, such as in your PHP,Ruby, or other scripts. Again, backup your keys!

Remember, if the key goes away the data encrypted to it is gone. Keeping aprinted copy of the key material in a sealed envelope in a bank safety depositbox is a good way to protect important keys against loss due to fire or harddrive failure.

Oh, and one last thing.

If you, dear reader, were planning any funny business with the private key that I have just published here. Know that they were made especially for this series of blog posts. I do not use them for anything else.

Found an issue?

Let us Know

Generate OpenSSL RSA Key Pair from the Command Line (2024)

FAQs

How to generate RSA key pair in OpenSSL? ›

Procedure
  1. Once installed, run the OpenSSL command prompt. Type openssl to start the application.
  2. To generate a new RSA private key, type: genrsa -out {path_to_pem_file} 2048. ...
  3. To generate a public key, type: rsa -pubout -in {path_private_pem} -out (path_public_pem)

Read On
How to generate RSA key command line? ›

In the command prompt, use the ssh-keygen command: By default, the system will save the keys to [your home directory]/.ssh/id_rsa. Unless you are an expert you should use the default option and press Enter. The system will now generate the key pair and display the key fingerprint and a randomart image.

Discover More Details
How do I create a pair of RSA keys? ›

Generate RSA Key Pair
  1. Generate a private key and a public key in PEM. You should safeguard the private key and never share it, not even with Auth0: ...
  2. Extract the public key in PEM format using the following command. ...
  3. Save the PEM file.

Continue Reading
How to generate an encryption key using OpenSSL? ›

In Windows:
  1. Open the Command Prompt (Start > Programs > Accessories > Command Prompt).
  2. Navigate to the following folder: C:\Program Files\ListManager\tclweb\bin\certs.
  3. Type the following: openssl genrsa -out rsa.private 1024.
  4. Press ENTER. The private key is generated and saved in a file named "rsa.

See Details
What is the openssl RSA command? ›

DESCRIPTION. The rsa command processes RSA keys. They can be converted between various forms and their components printed out.

Find Out More
How to generate ssh key pair terminal? ›

Generating a new SSH key
  1. Open Terminal .
  2. Paste the text below, replacing the email used in the example with your GitHub email address. ssh-keygen -t ed25519 -C "your_email@example.com" ...
  3. At the prompt, type a secure passphrase. For more information, see "Working with SSH key passphrases."

Tell Me More
How to generate a key in terminal? ›

Generating SSH key pairs locally

In a terminal, type the command ssh-keygen -t rsa, and press enter. To save the key pair in other than the default directory of ~./ssh or with a different name, add the -f flag followed by the directory and key pair name (e.g. ~/Desktop/key).

Show Me More
How to generate a private key for a certificate in OpenSSL? ›

Procedure
  1. Open the command line.
  2. Create a new private key in the PKCS#1 format. openssl genrsa -des3 -out key_name .key key_strength For example: openssl genrsa -des3 -out private_key.key 2048. ...
  3. Create a certificate signing request (CSR).

Explore More
How to generate RSA key pair in Linux? ›

Procedure
  1. In a terminal, run the ssh-keygen command.
  2. Generate the public/private RSA key pair.
  3. Specify the directory in which to save the key pair. For example, /Users/mymac/. ssh/id_rsa... mysftpkey.
  4. Enter the passphrase. Then, enter the same passphrase again. Enter empty if you don't want to use a passphrase.

Continue Reading
How do I create a new key pair? ›

To create a key pair

In the navigation pane, under Network & Security, choose Key Pairs. On the Key Pairs page, choose Create Key Pair. For Key pair name, type a name that is easy for you to remember, and then choose Create. When the console prompts you to save the private key file, save it in a safe place.

Show Me More

How to generate SSH-2 RSA key? ›

To create a key pair on Microsoft Windows operating systems:
  1. Download PuTTy Key Generator PuTTygen.exe file and run it.
  2. In the Key menu, select SSH-2 RSA Key.
  3. In Parameters, select the RSA option.
  4. In Number of bits in generated key field, enter at least 2048, ideally 4096.
  5. In Actions, select Generate.
May 24, 2024

Read The Full Story
How to generate RSA key pair using Keytool? ›

Procedure 9.1. Create a Private/Public Key Pair with Keytool
  1. Run the keytool -genkey -alias ALIAS -keyalg ALGORITHM -validity DAYS -keystore server.keystore -storetype TYPE command: ...
  2. If the specified keystore already exists, enter the existing password for that keystore, otherwise enter a new password:

See Details
How to generate a RSA key pair with OpenSSL? ›

Generate a 2048 bit RSA Key

That generates a 2048-bit RSA key pair, encrypts them with a password you provide and writes them to a file. You need to next extract the public key file. You will use this, for instance, on your web server to encrypt content so that it can only be read with the private key.

Get More Info Here
How to use OpenSSL command? ›

OpenSSL Commands
  1. Generate a new private key and Certificate Signing Request openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key.
  2. Generate a self-signed certificate openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt.
Mar 29, 2022

Continue Reading
Which command will generate the SSH encryption keys? ›

To generate an SSH key on your Linux server, run the command ssh-keygen .

View More
How to generate CSR in OpenSSL? ›

Follow the steps outlined below to create a CSR using OpenSSL.
  1. Step 1: Check OpenSSL Version. ...
  2. Step 2: Log Into Server. ...
  3. Step 3: Create RSA Private Key and CSR. ...
  4. Step 4: Enter CSR Information. ...
  5. Step 5: Locate Certificate Signing Request File. ...
  6. Step 6: Verify CSR Information. ...
  7. Step 7: Submit CSR as Part of Your SSL Request.
Mar 7, 2024

View Details
How to generate certificate for key in openssl? ›

Right-click the openssl.exe file and select Run as administrator. Enter the following command to begin generating a certificate and private key: req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey. key -out certificate.

See More
How to generate RSA SSH2 key? ›

Generating an SSH key
  1. Open the PuTTYgen program.
  2. For Type of key to generate, select SSH-2 RSA.
  3. Click the Generate button.
  4. Move your mouse in the area below the progress bar. ...
  5. Type a passphrase in the Key passphrase field. ...
  6. Click the Save private key button to save the private key.
Dec 13, 2022

Learn More
How do you generate a key using RSA algorithm? ›

Key Generation

Calculate n = p*q and z = (p-1)(q-1) Choose a number e where 1 < e < z. Calculate d = e-1mod(p-1)(q-1) You can bundle private key pair as (n,d)

Discover More Details
Top Articles
How to calculate the CPI and inflation rate:
How Much Money Can You Make by Trading in the Stock Market
Joi Databas
Forozdz
Kathleen Hixson Leaked
What to Serve with Lasagna (80+ side dishes and wine pairings)
Roblox Developers’ Journal
Moviesda Dubbed Tamil Movies
Stolen Touches Neva Altaj Read Online Free
Blue Ridge Now Mugshots Hendersonville Nc
LeBron James comes out on fire, scores first 16 points for Cavaliers in Game 2 vs. Pacers
Slag bij Plataeae tussen de Grieken en de Perzen
Gfs Rivergate
Watch TV shows online - JustWatch
Ivegore Machete Mutolation
Abortion Bans Have Delayed Emergency Medical Care. In Georgia, Experts Say This Mother’s Death Was Preventable.
Ms Rabbit 305
Huntersville Town Billboards
Apple Original Films and Skydance Animation’s highly anticipated “Luck” to premiere globally on Apple TV+ on Friday, August 5
The Blind Showtimes Near Amc Merchants Crossing 16
Marine Forecast Sandy Hook To Manasquan Inlet
Clare Briggs Guzman
When Does Subway Open And Close
Mdt Bus Tracker 27
800-695-2780
No Limit Telegram Channel
Dexter Gomovies
Astro Seek Asteroid Chart
Pay Stub Portal
Stubhub Elton John Dodger Stadium
Kids and Adult Dinosaur Costume
Craigslist Central Il
De beste uitvaartdiensten die goede rituele diensten aanbieden voor de laatste rituelen
Lichen - 1.17.0 - Gemsbok! Antler Windchimes! Shoji Screens!
Workday Latech Edu
Go Smiles Herndon Reviews
Soulstone Survivors Igg
Metro Pcs Forest City Iowa
Sukihana Backshots
Achieving and Maintaining 10% Body Fat
'The Night Agent' Star Luciane Buchanan's Dating Life Is a Mystery
Eat Like A King Who's On A Budget Copypasta
Oakley Rae (Social Media Star) – Bio, Net Worth, Career, Age, Height, And More
Muni Metro Schedule
Meee Ruh
Smoke From Street Outlaws Net Worth
Craigslist Pets Lewiston Idaho
Convert Celsius to Kelvin
Cataz.net Android Movies Apk
Olay Holiday Gift Rebate.com
Latest Posts
Elevate your data security with Carbonite – it's not just a backup | Carbonite
Bank of America® Travel Rewards Credit Card - Apply Today
Article information

Author: Dr. Pierre Goyette

Last Updated:

Views: 5564

Rating: 5 / 5 (70 voted)

Reviews: 93% of readers found this page helpful

Author information

Name: Dr. Pierre Goyette

Birthday: 1998-01-29

Address: Apt. 611 3357 Yong Plain, West Audra, IL 70053

Phone: +5819954278378

Job: Construction Director

Hobby: Embroidery, Creative writing, Shopping, Driving, Stand-up comedy, Coffee roasting, Scrapbooking

Introduction: My name is Dr. Pierre Goyette, I am a enchanting, powerful, jolly, rich, graceful, colorful, zany person who loves writing and wants to share my knowledge and understanding with you.