"openssl genpkey" - Generate Private Key

This section describes the 'openssl genpkey' command, which generates a private/public key pair for a given algorithm.

What Is "openssl genpkey" Command? "openssl genpkey" is an OpenSSL command to generate a private/public key pair for a given algorithm. It replaces some other OpenSSL commands in previous releases: "openssl genrsa", "openssl gendsa", "openssl ecparam -genkey", ...

Here are some "openssl genpkey" command examples to generate private/public key pairs with different algorithms:

# Generates a RSA private/public key pair
# Replacing: openssl genrsa -out key.pem
openssl genpkey -algorithm RSA -out key.pem

# Generates a 2048-bit RSA private/public key pair
openssl genpkey -algorithm RSA -out key.pem \
  -pkeyopt rsa_keygen_bits:2048

# Prints out information from a RSA private/public key pair
openssl rsa -in key.pem -text -noout

# Generates an EC private/public key pair using curve "P-384"
# replacing: openssl ecparam -genkey -name P-384 -noout -out key.pem
openssl genpkey -algorithm EC -out key.pem \
  -pkeyopt ec_paramgen_curve:P-384

# Prints out information from an EC private/public key pair
openssl ec -in key.pem -text -noout

Command options used in above examples are:

-algorithm RSA|EC|...  Specifies the key generation algorithm 
-in key.pem    Specifies the input key file in PEM format
-noout         Stops writing out the key
-out key.pem   Writes out the private/public key pair to a file 
-pkeyopt rsa_keygen_bits:2048  Specifies the RSA key size in bits
-pkeyopt ec_paramgen_curve:P-384  Specifies the EC curve name 
-text          Prints out the key information in text form

Having a private/public key pair is the first step in PKI certificate generation process. You can follow next tutorials to generate a RSA or EC private/public key pair.

Or you can run the "man openssl-genpkey" command on a Linux system to read the manual to explore more key generation options.

Table of Contents

 About This Book

 Introduction of PKI (Public Key Infrastructure)

 Introduction of PKI Certificate

 PKI Certificate File Formats

OpenSSL - Cryptography Toolkit

 What Is OpenSSL

 What Is "openssl" Command

"openssl genpkey" - Generate Private Key

 "openssl genpkey -algorithm RSA" - RSA Private Key

 "openssl genpkey -algorithm EC" - EC Private Key

 "openssl req" - CSR (Certificate Signing Request)

 "openssl req -new" - Generate CSR from Key

 "openssl req -newkey ..." - Generate Key and CSR

 "openssl req -x509" - Generate Self-Signed Certificate

 "openssl x509" - X.509 Certificate Command

 "openssl x509 -CA ..." - CA Signing Certificate

 "openssl ca" - CA (Certificate Authority) Tool

 Java "keytool" Commands and KeyStore Files

 PKI Certificate Store

 PKCS12 Certificate Bundle File

 PKCS7 Certificate Chain File

 PKI Certificate Related Terminology

 References

 Full Version in PDF/EPUB