Index Index for
Section 1ssl
Index Alphabetical
listing for G
Bottom of page Bottom of
page		 

genrsa(1ssl)


NAME

  genrsa - Generate an RSA private key


SYNOPSIS

  openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4]
  [-3] [-randfilename] [numbits]


OPTIONS

  -outfilename
	  Outputs the filename. If this argument is not specified then
	  standard output is used.

  -passoutarg
	  Outputs the file password source. For more information about the
	  format of arg see the Pass Phrase Arguments section in
	  openssl(1ssl).

  -des|-des3|-idea
	  Encrypts the private key with the DES, triple DES, or the  IDEA
	  ciphers, respectively, before outputting it. If none of these
	  options is specified no encryption is used. If encryption is used,
	  there is a prompt for a pass phrase if it is not supplied via the
	  -passout argument.

  -F4|-3  The public exponent to use, either 65537 or 3. The default is
	  65537.

  -randfilenname
	  A file or files containing random data used to seed the random
	  number generator, or an EGD socket. (See RAND_egd(3).) Multiple
	  files can be specified separated by an OS-dependent character. The
	  separator is a semicolon (;) for MS-Windows, a comma (,) for
	  OpenVMS, and a colon (:) for all others.

  numbits The size of the private key to generate in bits. This must be the
	  last option specified.  The default is 512.


DESCRIPTION

  The genrsa command generates an RSA private key.


NOTES

  RSA private key generation essentially involves the generation of two prime
  numbers. When generating a private key, various symbols will be output to
  indicate the progress of the generation. A period (.) represents each
  number that passed an initial sieve test. A plus sign (+)  means a number
  has passed a single round of the Miller-Rabin primality test. A newline
  means that the number has passed all the prime tests; the actual number
  depends on the key size.

  Because key generation is a random process, the time taken to generate a
  key may vary.


RESTRICTIONS

  A quirk of the prime generation algorithm is that it cannot generate small
  primes. Therefore, the number of bits should not be less that 64. For
  typical private keys this will not matter because, for security reasons,
  they will be much larger (typically 1024 bits).


SEE ALSO

  Commands: gendsa(1ssl)

Index Index for
Section 1ssl
Index Alphabetical
listing for G
Top of page Top of
page