version 1.52, 2016/08/14 09:02:52 |
version 1.53, 2016/08/16 06:40:24 |
|
|
Print an unencrypted text representation of private and public keys and |
Print an unencrypted text representation of private and public keys and |
parameters along with the DER or PEM structure. |
parameters along with the DER or PEM structure. |
.El |
.El |
.\" |
|
.\" GENRSA |
|
.\" |
|
.Sh GENRSA |
.Sh GENRSA |
.nr nS 1 |
.nr nS 1 |
.Nm "openssl genrsa" |
.Nm "openssl genrsa" |
.Bk -words |
|
.Op Fl 3 | f4 |
.Op Fl 3 | f4 |
.Oo |
.Op Fl aes128 | aes192 | aes256 | des | des3 |
.Fl aes128 | aes192 | aes256 | |
|
.Fl des | des3 |
|
.Oc |
|
.Op Fl out Ar file |
.Op Fl out Ar file |
.Op Fl passout Ar arg |
.Op Fl passout Ar arg |
.Op Ar numbits |
.Op Ar numbits |
.Ek |
|
.nr nS 0 |
.nr nS 0 |
.Pp |
.Pp |
The |
The |
.Nm genrsa |
.Nm genrsa |
command generates an RSA private key. |
command generates an RSA private key, |
|
which essentially involves the generation of two prime numbers. |
|
When generating the key, |
|
various symbols will be output to indicate the progress of the generation. |
|
A |
|
.Sq \&. |
|
represents each number which has passed an initial sieve test; |
|
.Sq + |
|
means a number has passed a single round of the Miller-Rabin primality test. |
|
A newline means that the number has passed all the prime tests |
|
(the actual number depends on the key size). |
.Pp |
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl 3 | f4 |
.It Fl 3 | f4 |
The public exponent to use, either 3 or 65537. |
The public exponent to use, either 3 or 65537. |
The default is 65537. |
The default is 65537. |
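Review bot: In the rewritten description paragraph on the 1.53 side, the parenthetical is now typed with literal parentheses, "(the actual number depends on the key size).", where the 1.52 text it replaces used the mdoc macro ".Pq the actual number depends on the key size .". Keep the .Pq form so the markup stays consistent with the rest of the page. While touching the sentence, "the actual number" reads as if it refers to the candidate prime rather than the count of Miller-Rabin rounds; "the number of tests depends on the key size" would be unambiguous.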
.It Xo |
.It Fl aes128 | aes192 | aes256 | des | des3 |
.Fl aes128 | aes192 | aes256 | |
Encrypt the private key with the AES, DES, |
.Fl des | des3 |
|
.Xc |
|
These options encrypt the private key with the AES, DES, |
|
or the triple DES ciphers, respectively, before outputting it. |
or the triple DES ciphers, respectively, before outputting it. |
If none of these options are specified, no encryption is used. |
If none of these options are specified, no encryption is used. |
If encryption is used, a pass phrase is prompted for, |
If encryption is used, a pass phrase is prompted for, |
|
|
.Fl passout |
.Fl passout |
option. |
option. |
.It Fl out Ar file |
.It Fl out Ar file |
The output |
The output file to write to, |
.Ar file . |
or standard output if none is specified. |
If this argument is not specified, standard output is used. |
|
.It Fl passout Ar arg |
.It Fl passout Ar arg |
The output file password source. |
The output file password source. |
.It Ar numbits |
.It Ar numbits |
|
|
This must be the last option specified. |
This must be the last option specified. |
The default is 2048. |
The default is 2048. |
.El |
.El |
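Review bot: The merged item ".It Fl aes128 | aes192 | aes256 | des | des3" describes all five ciphers in one sentence as equivalent ways to encrypt the private key, with no indication that they differ in strength. Single DES has a 56-bit key and is not adequate protection for a stored RSA private key, so a reader picking from this list should be pointed at the AES options. Suggest adding a short sentence to that effect after "before outputting it.", or at least marking des as retained for compatibility only.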
.Sh GENRSA NOTES |
|
RSA private key generation essentially involves the generation of two prime |
|
numbers. |
|
When generating a private key, various symbols will be output to |
|
indicate the progress of the generation. |
|
A |
|
.Sq \&. |
|
represents each number which has passed an initial sieve test; |
|
.Sq + |
|
means a number has passed a single round of the Miller-Rabin primality test. |
|
A newline means that the number has passed all the prime tests |
|
.Pq the actual number depends on the key size . |
|
.Pp |
|
Because key generation is a random process, |
|
the time taken to generate a key may vary somewhat. |
|
.Sh GENRSA BUGS |
|
A quirk of the prime generation algorithm is that it cannot generate small |
|
primes. |
|
Therefore the number of bits should not be less that 64. |
|
For typical private keys this will not matter because for security reasons |
|
they will be much larger |
|
.Pq typically 2048 bits . |
|
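Review bot: Removing the GENRSA BUGS section drops the only statement of a lower limit on numbits ("the number of bits should not be less that 64"), and nothing on the 1.53 side visible in this diff restates it. If the prime generator still cannot produce small primes, move that constraint into the ".It Ar numbits" item next to "The default is 2048." rather than deleting it; if the limitation no longer applies, say so in the commit message. The note that generation time varies because the process is random is also dropped from the merged description, which is fine if intentional.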
.\" |
.\" |
.\" NSEQ |
.\" NSEQ |
.\" |
.\" |