Generate RSA Key Using Command openssl genrsa

Generate RSA Key Using Command openssl genrsa

OpenSSL is a giant command-line binary capable of a lot of various security related utilities. Each utility is easily broken down via the first argument of openssl. For instance, to generate an RSA key, the command to use will be openssl genrsa.

Generate 4096-bit AES-256 Encrypted RSA Private Key .pem

The following command will result in an output file of private.pem in which will be a private RSA key in the PEM format.

openssl genrsa -aes256 -out private.pem 4096

Let’s break this command down:

When you execute this command, it will ask for a password to encrypt the key with. After you select a password, a file will be created in the current director named private.pem.

Private RSA keys start with the text -----BEGIN RSA PRIVATE KEY-----.

You can inspect this file with the command cat private.pem.

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,4C14DBFC916410F7C745564637F7CD75

UfSct3tx8Wxth6WuparPsGMdVogOLmg3Ep8FX0X2ypmW58oVyT6AKXDhjpYWcvS7
kaqpvCbbmfIgEQzlO2oPlsWLMNuWjAXV5nSNtwF1Ks9YoqJYyQ9auhXJgAXx0LYs
HwtoRG6YV5Mb5LG/WxoReE7o60IykLRC4jFN6j/1WMn+I39tEGwouaIAsQp5ZUKG
SNPlsfAAEPbuV+9AcYhxlAOjSC/DGHS+bXs0+QVw0gC1UUmnOA1QqPihgti5B7JN
JQyuLEgI26nMj/rhz87GFwUNIgpIhNc0lPMHeiaXHZH0iog8MRteJDUQz9316UUI
ir+n0MEpIRVLl4hTpaJsOaZ7PAP4npqghumeZS9ZfZGbC2idErWvFfXk5HYuIeU5
qD7QwuHD6bHkYS529zJmesH6+bfvrPQtaCQHfIg9kNfJ/39AwBgXlw3oGc3dAHsu
dDCTtKLgFABqsHAzJ94mvnRRetO1AXQydCejcnfIjzTRlK9CPFCVyb9TWwNaIGh4
UYmSMiu2T3kBUqjG5ayO64MrH9vqMrJSM9KskUukkxJGRP59IOOVcfpRUNR1p7KB
fPgYvHGA4PHrLw/SAZfaY0m2B6J9MoxoRZoUKo4JJ4vMQQlILH4TK7wmQFva2boS
vjlUs/0W8pchtaLpmca2IcinRPnPBkgvT3tKLUei79WfxpzVtqcX+HcYnItQDx5v
wz2pL3zUlVcdeCMuH+dMpFghKeUrPWBAddXKsU+f7FSC/+75LIqE3/tT6WXZXdeA
SuMo9GNCC18S+qq45DFP1y518rjCVh2k1tP818c47sBxtMS/rhdOZktdMomST8Ta
8ImYedW9JRjwOS2sHnULP7FlOJ4jS8Ne0egRrsm/LMjvGnCzGlPuaHv9zfG2Z+e9
LuJ8+po94Ocws2ZwLZ9shq8lfqoD9tC0dzYnZsjLXv5SisRX0Oa1k7Tx9SuzcqID
QbVWUXbGRVHwIZqDZWgqIktI1rlEXs2qHTwim9yYTOi76F/nGKpeDI782Z4yP0ax
iPM+yKfvM4eXrQ43XLpbEX574DQ3ZRgxmLOQe6GiXclRPD6cj2RhADCeVYWfIBIF
VcoTcB+KyTf+ih8wer9PD7v6RXpgl4hKgbaQ2L1VhVWw27BPusGYNSOdsOyTSfOS
F5cBds3PzY7e0uQKqTAPV3C6mzN6miTt1cDz3hva4UQn2/IZt0wvSMqNGJV28Fs3
jpV+WVl1vVg5NntwuKserf+FP0YhSntrcMyMEf3W5OQRXMb+xyOQe1TE2zzUwB3k
7hazx1HpMVQMGAHi3N29Hyd9/U/0R6T8dJHyKf7u8xcXApHEMdr35W87FE8cIJTo
UKMMDdcs54rDoXvaRZMPXuCN3eQrSmSlWf98sqpigyf67o3AyuTNL5MBpfcm1yhP
KNsDLJR5u/kXuC8w1EObt/PW86Fu8fvfkXLYJwhiHvR5gwy5FuPFPp7g2qf7wo++
DXSgd26OAWF4doSPQZNUcP1+5vo6YCgRpHMB3rVpwwM5j+tGoNjQYp7uzHeihScw
1LD2egPJcX6vQ80Fadtv0RhEW5IBnkQ7ayjHHSRz/SPlp+xcHjTqyo18DhxFmnFW
he3Hu2DTWEM4ZGFPtkQSezSlyQow/arzLuJVXme+CXKlSzEvQN4lflwlhZHnGKri
0WIrTbly+OySCu/Qh926TYKTS4eSVIdKQZvAi0/0y/Uk7hx+jIpzpAavXy0a/mgZ
e6oSTrZlTkErDTZsKodz7pdDe0a/Dw/IPqt99Si2sm3x0djeS3A7P64yO3UaK5LX
Mdnkc8xM1kDqxd0K0viNGOttLhwlLGFrtt6I0cppDN+C6M0eJY5ZmQ7NZX7aL3p5
b/4hBzdsY7tsKc5l615UI1keyXG0MVHYXzJsgW8tOz3xV+DxfBK8kEXXS43VgJVL
Xw4qMku8UrtfFpWGASkBp+I5+crdDvH0LPAo4BmLJudhnmrlDGkJK5l31IbTElnc
27z0g7xH9AgbK4Jzh7oPsyDCdabqsQzyE3suCB1zt54YjmhgzDpp5jrTRXiiennr
tDySob6ew3TR4Bn39vxRe3y8Tq+bwscHtqHc2jg3VlnvId6JyU45k+rhyWDkQBbr
ATsxuginqpvtyPHunYzQZiHKaPm2dPhesDkTOEJMHu8f5xi8TtgQ/NUWVp1qc3u3
tQL9FYRIXjgW+k8XdTD+M7YVe/jRyNI0aTEhmZ/Kfo+GNGcKX2v8DAenlUXKaEGP
c8b4ZRK9kyd7wy6lWhWK5jgffF0WI5svUwR0t8aYGHSD2Xgwpk49hqGsVGIALRGw
VtlxcP7p5Lf7D1AYSXNZ5PO5iOmepkNmnQhkZNAK0JFSEuOkcPnnHZaEMOLVfDvV
7wZIloJiEydKXxnn8Z+pzVsAHcC60EDZQXxPnjt+an6FsIKhkipENWh8orvoPwGh
+NZL84yqePKk105KgARu8QpZQ7jZFMxlRXQfb3NXnPqDxJfufyd1YAPbLfTHNQmH
kvZeRam82AldpeoPNHYV1OOzxAdCADMBYMl5sc3C0miSWD+yKsW/lm8RiECFL/Fe
N6PurlEcPFfHBay/0S1pqqx+Wu5y+/+sCIUN3WuFfDljQTBbadtGlSQHiVWvMiRZ
a7SMTT1ssh6eRmkHgYn55r8aeNYpKNktw1M6Ew9iOA2pAKg6ISthaPGV7wNO9at/
M/or1ZdEyeU2FTbisGDJQ2C3WtcddY4/h2CSfb9+ssQ9KEONzB0pLpGFr1ks0FTx
XYOngdJq3iRG4Y8IlfkzlT68oBxcPVE/Lneyet19hHsrotC2tyTOiPq+nxC2vB1F
A1S3290L31zKt+ZrFG7IUL2Am7Zjl8urpZabo5DZm0Vmobil1BG/h9Knn3/mYzsS
xyBGo41E3K9XBb3l8WX7iWQpqdIhpsTTykkwotY6K1G/iY7Av84HHTJvR5d8rIxG
7o5bLUE2qKrXnpYMBp/+li9vVjtdF5Q2z+ME6Mo4vaqmmSkUUgnzsIh24lbpCi0d
l3FqBkcRkhAmGrggIQAuYUZGjCvb/0fjsZ84op93FazjWCjTQv4C0MsKGCWPwBto
7vU6JjHkUJ1Fw1vduVj/5KcIP6dRFu+ylka52v029+fe+//53QE2SblmPUW44HCv
-----END RSA PRIVATE KEY-----

Export Public RSA Key From Private Key

In order to export the public key from the freshly generated private RSA Key, the openssl rsa utility, which is used for processing RSA keys.

The command to export a public key is as follows:

openssl rsa -in private.pem -pubout -outform PEM -out public.pem

This will result in a public key, do to the flag -pubout.

Inspect this file with cat public.pem:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxwkpzgdejSA3gMfaWw1W
EjHUG7xDeyI6NV2s3qHzXHdXeMBw7GC6UlZrK47x6bRbGfxiWzAPzkL2XHrt5kxK
8FlmIENR/NWo9pzTLZG2cBk+a6Eq/LM8mX6W8RHUQ+g8mtDyk7jGIN/cOKw8M4YR
6kwIkOh1HkvPeobS3AxcPOuwtyz6UZfEQr1MNzbQ4eteqQgT0iHuMc9UDgOBSJPL
semkBvUtE1DmCwqgaM6ksmZVdrSi4eXNxBiQqphMzYMGTkXQEK219tqMbt4qELyW
mT+3T9rBa1dqNWvGGmil4vD7KJh2zwL4hoeVRz9XLOMjRDrdxLJKzANwgGUqKBgA
7mwTpofEtwJ/2/gCNSF228JPH26QVvKoaEVcg3X24J2m3T7MUBtfT/E8SvqXi1Br
I9USRoftsKW8BnsywRKoJ31OmV+YglPNJ/RDCpPhsNy30rqd7zsEBWQMkQ4OBxqi
0Jqjlxk1p8HZt/9tZx4rxyLWiDp5EHzMN+29fwMPTbURk9ehng2hZI9wqZQLmJwb
wUFkwgu5wD/MijyJuORwWBlr3VHMLwEmWDMjx6V1bP/mlKlE/GjQ+TyFFkuGppmI
qxYsp/wSixWrRT00O0Gjvs614PjGaLbm7GrCuHxy5hPxY9PbZrvwMNQl0d8O0SbE
gKvLqx5yaMrh1hMhCB/9+HsCAwEAAQ==
-----END PUBLIC KEY-----

The public key can be uploaded to other servers and services to encrypt data for the private key to decrypt.

This file will start with -----BEGIN PUBLIC KEY-----. If this file doesn’t start with “BEGIN PUBLIC KEY”, do not upload it as a public key to any source!