PKI Certificate Tutorials - Herong's Tutorial Examples - v1.12, by Herong Yang
"openssl genpkey" - Generate Private Key
This section describes the 'openssl genpkey' command, which generates a private/public key pair for a given algorithm.
What Is the "openssl genpkey" Command? "openssl genpkey" is an OpenSSL command that generates a private/public key pair for a given algorithm. It replaces several commands from earlier OpenSSL releases: "openssl genrsa", "openssl gendsa", "openssl ecparam -genkey", ...
Here are some "openssl genpkey" command examples to generate private/public key pairs with different algorithms:
    # Generates an RSA private/public key pair
    # Replacing: openssl genrsa -out key.pem
    openssl genpkey -algorithm RSA -out key.pem

    # Generates a 2048-bit RSA private/public key pair
    openssl genpkey -algorithm RSA -out key.pem \
      -pkeyopt rsa_keygen_bits:2048

    # Prints out information from an RSA private/public key pair
    openssl rsa -in key.pem -text -noout

    # Generates an EC private/public key pair using curve "P-384"
    # Replacing: openssl ecparam -genkey -name P-384 -noout -out key.pem
    openssl genpkey -algorithm EC -out key.pem \
      -pkeyopt ec_paramgen_curve:P-384

    # Prints out information from an EC private/public key pair
    openssl ec -in key.pem -text -noout
The command options used in the examples above are:
    -algorithm RSA|EC|...               Specifies the key generation algorithm
    -in key.pem                         Specifies the input key file in PEM format
    -noout                              Stops writing out the key
    -out key.pem                        Writes out the private/public key pair to a file
    -pkeyopt rsa_keygen_bits:2048       Specifies the RSA key size in bits
    -pkeyopt ec_paramgen_curve:P-384    Specifies the EC curve name
    -text                               Prints out the key information in text form
Having a private/public key pair is the first step in the PKI certificate generation process. You can follow the next tutorials to generate an RSA or EC private/public key pair.
Or you can run the "man openssl-genpkey" command on a Linux system to read the manual to explore more key generation options.
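As an added example (not part of the original tutorial), the shell functions below wrap the genpkey commands shown above in a restrictive umask and then read the key back with "openssl pkey -text -noout" to confirm its size and file mode before it is used for a CSR. The function names, file paths and minimum sizes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate a key with "openssl genpkey", then verify what
# was actually written. Function names and paths are illustrative.

# gen_key ALGORITHM OUTFILE [PKEYOPT]
# Runs genpkey in a subshell with umask 077 so the unencrypted private
# key is never readable by group or others.
gen_key() {
    (
        umask 077
        if [ -n "${3:-}" ]; then
            openssl genpkey -algorithm "$1" -out "$2" -pkeyopt "$3"
        else
            # No size given: the default depends on the OpenSSL build,
            # which is why check_key below reads the size back.
            openssl genpkey -algorithm "$1" -out "$2"
        fi
    )
}

# key_bits KEYFILE: prints the key size in bits. "openssl pkey" is the
# algorithm-independent counterpart of "openssl rsa" / "openssl ec".
key_bits() {
    openssl pkey -in "$1" -noout -text |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# key_mode KEYFILE: prints the permission string, e.g. "-rw-------".
key_mode() {
    ls -l "$1" | cut -c1-10
}

# check_key KEYFILE MIN_BITS: succeeds only if the key parses, has at
# least MIN_BITS bits (RSA modulus size or EC field size, so choose the
# minimum per algorithm) and is readable by its owner only.
check_key() {
    bits=$(key_bits "$1") || return 1
    [ -n "$bits" ] && [ "$bits" -ge "$2" ] || return 1
    [ "$(key_mode "$1")" = "-rw-------" ] || return 1
}

# Demo with constructed file names: run the script with the argument "demo".
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    gen_key RSA "$dir/rsa.pem" rsa_keygen_bits:2048
    gen_key EC "$dir/ec.pem" ec_paramgen_curve:P-384
    check_key "$dir/rsa.pem" 2048 && echo "rsa.pem: $(key_bits "$dir/rsa.pem") bits, owner-only"
    check_key "$dir/ec.pem" 384 && echo "ec.pem: $(key_bits "$dir/ec.pem") bits, owner-only"
    rm -rf "$dir"
fi
```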