Generating a Pair of RSA Private and Public Keys in Linux using OpenSSL

Posted on In QA, Tutorial

RSA (Rivest–Shamir–Adleman) is a widely used public-key cryptosystem that is used for secure communication over the internet. In this post, we will explore how to generate a pair of RSA private and public keys in Linux using the OpenSSL library. Generating a pair of RSA private and public keys in Linux using OpenSSL is a simple and straightforward process. By following the steps outlined in this post, you can easily generate RSA keys that can be used for secure communication over the internet.

Step 1: Install OpenSSL

The OpenSSL library is a popular implementation of the SSL and TLS protocols. It provides a set of cryptographic functions that are used for secure communication over the internet. To install OpenSSL on Linux, you can use the package manager that comes with your distribution. For example, on Ubuntu, you can install OpenSSL by running the following command:

sudo apt-get install openssl

Step 2: Generate a Private Key using OpenSSL

To generate an RSA private key, you can use the following OpenSSL command:

openssl genpkey -algorithm RSA -out private_key.pem

In this command, the -algorithm RSA option specifies that we want to use the RSA algorithm to generate the key. The -out private_key.pem option specifies the output file name and location.

If you would like to store the private key in as encrypted

openssl genpkey -algorithm RSA -out private_key.pem -aes256

The -aes256 option specifies that we want to encrypt the private key using AES-256 encryption. After running this command, you will be prompted to enter a passphrase for the private key. Make sure to choose a strong passphrase and remember it, as you will need it to use the private key.

Step 3: Generate a Public Key using OpenSSL

To generate a corresponding RSA public key from the private key that we just generated, you can use the following OpenSSL command:

openssl rsa -in private_key.pem -pubout -out public_key.pem

In this command, the -in private_key.pem option specifies the input file name and location. The -pubout option specifies that we want to output the public key. Finally, the -out public_key.pem option specifies the output file name and location.

After running this command, the RSA public key will be stored in the public_key.pem file.

Step 4: Verify the Keys

To verify that the keys were generated correctly, you can use the following OpenSSL commands:

openssl rsa -in private_key.pem -text -noout
openssl rsa -in public_key.pem -pubin -text -noout

The first command will display the details of the private key, including the modulus, private exponent, and public exponent. The second command will display the details of the public key, including the modulus and public exponent.

Examples of Generating RSA Keys using OpenSSL

Generate the private key

$ openssl genpkey -algorithm RSA -out private_key.pem
...+...+.....+......+......+.+...+...........+.+........+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+......+.......+..+....+............+...+.....+.+...+..+.........+.+...........+.......+..+......+....+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+.........+....+.....+...+.......+......+..........................+...+.+............+...+..+...+...........................+............+......+.+...+...+...............+..+.+.........+..+....+.....+.+........+......+....+..+...+................+......+...........+.........+.........+..........+..+.........+...+.......+...+........+...................+..................+..+.+.....+....+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
...+...+.+......+.....+...+......+....+......+.....+...+.+..+...+.+........+.+..+.........+.+..+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*...+...+...........+......+.........+.......+..+.+.........+............+......+............+........+....+...+..+................+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+..+.+...+.....+......+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Using the command with the -aes256 will ask for the pass phrase like

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

In the following commands, we use the non-ecrypted version. With the encrypted version, the commands will as for the pass phrase to decrypt the private key when we use it.

Generate the public key

$ openssl rsa -in private_key.pem -pubout -out public_key.pem
writing RSA key

The keys:

$ cat private_key.pem 
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC/6vzUUC+LZoal
/tTtFzpYxbIZX7pJQBRo8hWfE57bj63qFhE2x77wPYxlbUc+zIIeH2j01r7MT/Lt
aTnrzgc77nBZCP13zX5pXGbERTktcxRgvKfPGD+cOMsCj6QIA1MNuCttBmMpKBqh
+AyXGwOgOWZkVfjCN8ANJZ+paA7nOjpbKRKUCr+VJM+hGlX6tQTmagLFcLbcfTNB
15Q0fJ4jKMddc9xVCUIU9NOWSzeM3NOt4ps5D5OPiCwwJAa9jSVZ4SdChf83/zQF
CDbWxxEG8aC6rri7nHiwdL3Bz6uoKRa5v4t2IMepezmb+1PgH9LD5ueQ+Zvar2FP
G2IusZkxAgMBAAECggEAAl3bTKJJK868W1YB+dh++4hDPXqHjrlaZxQ70wXdasy3
SCXfLs3rcK/5nWiUZ9WtccH7u9qIE3dAQiWO4CBeyMzpwsH7H4aVB/yVNyy5W0ef
g9/fsTdAgDnXuwowFiSLBNDKwaHssshlUlj/jWojsyPyEMuvRnSEiu+gq+igwmuD
wsYfxUw3s1XB8ziGwfTN/zQjN4fG9RbgfHZyQHjf25aNZmPR9Ch4XNc3FCj66e41
E8GHjwctLOPfN+UBhVGIVi1mS09D+pgFy8PZvZy+hHnOQ3iJq1hFIUMCU8zU7v+4
bLwVhcz1GMCKt2Cfiq7epJYl8ZwsrNCFut9TLOErBwKBgQDTy15U74qEr8wHIdut
PRSh6LHTcfL98l58BrsVxizktH7PDz0AW3bkbya3wZzLlo0XjKHwjbeioVaP3CVc
8TIj7CeiPofOpVFAa1nuFG+I4EmEqWZ/U/jPhi8oq1hRanBls7+MS7PC5W2HdCxS
rCO2q5Z+NA0eouFUuker7V/kHwKBgQDn+ZNYaF8ua3UzrS7u6PNydQuFAtK5pKRr
hZKh7z+EfcqnSM/1sVIAvJZvp66OhJtVglxIt6z7NEotsTYfy+qOo9EgsVnNXTLD
rW6qSDu4i+tmQvjG7lZFsL901ojb56us63ENuIB6v2qfwX26GPts/Wb/ezC2+oA3
U0qyBQZYrwKBgQCgLz0+YhnS9x8J+eqrIPpc5qCwOou807Xweiq/ci58H6OVOYI6
pfLLHOIcsvvC4y/9Mqk8RgMwpnPQxIEhxW7VyoPDayXN/izw2wCeV6hvzqrsAi96
d+lEE8nRKZ7XnPg7g3KJSqw/6MQpYY0wTe+I9kgRVY7ir/Ba47TXbOZMowKBgGqT
0cyGd2R+XmSVpsCBKohlmhtMRsCgEiKMReg8YXRfzuG4pEL/auuHuZ4m7h3wcuWA
dSG7sa/gQExp5LILIALU5NoeYWHm9dHNNtDpSvbo4ggjsOTEz8JJCE2H220dLVTO
/ywMnorGsxge78K2g515dv7d/G20/X9ttx2/DUFlAoGARUAoT3t4JDFeLgequksx
hosKOnK7ozUs6RgyYl4NoU0M8HI4oUy2x7U+NIQdPhZbZv4W9pnZYGq8P4k4bJ/h
tnBDsZKHxJw0GE1mXSJXwwJs2zeb9qw4z0ml4UvoMADRoCYarIXyAz8lVXTOrQ8V
1cFosCkSfdz5eaK4oxCZFjc=
-----END PRIVATE KEY-----

$ cat public_key.pem 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+r81FAvi2aGpf7U7Rc6
WMWyGV+6SUAUaPIVnxOe24+t6hYRNse+8D2MZW1HPsyCHh9o9Na+zE/y7Wk5684H
O+5wWQj9d81+aVxmxEU5LXMUYLynzxg/nDjLAo+kCANTDbgrbQZjKSgaofgMlxsD
oDlmZFX4wjfADSWfqWgO5zo6WykSlAq/lSTPoRpV+rUE5moCxXC23H0zQdeUNHye
IyjHXXPcVQlCFPTTlks3jNzTreKbOQ+Tj4gsMCQGvY0lWeEnQoX/N/80BQg21scR
BvGguq64u5x4sHS9wc+rqCkWub+LdiDHqXs5m/tT4B/Sw+bnkPmb2q9hTxtiLrGZ
MQIDAQAB
-----END PUBLIC KEY-----

The content of the keys as the raw numbers

$ openssl rsa -in private_key.pem -text -noout
Private-Key: (2048 bit, 2 primes)
modulus:
    00:bf:ea:fc:d4:50:2f:8b:66:86:a5:fe:d4:ed:17:
    3a:58:c5:b2:19:5f:ba:49:40:14:68:f2:15:9f:13:
    9e:db:8f:ad:ea:16:11:36:c7:be:f0:3d:8c:65:6d:
    47:3e:cc:82:1e:1f:68:f4:d6:be:cc:4f:f2:ed:69:
    39:eb:ce:07:3b:ee:70:59:08:fd:77:cd:7e:69:5c:
    66:c4:45:39:2d:73:14:60:bc:a7:cf:18:3f:9c:38:
    cb:02:8f:a4:08:03:53:0d:b8:2b:6d:06:63:29:28:
    1a:a1:f8:0c:97:1b:03:a0:39:66:64:55:f8:c2:37:
    c0:0d:25:9f:a9:68:0e:e7:3a:3a:5b:29:12:94:0a:
    bf:95:24:cf:a1:1a:55:fa:b5:04:e6:6a:02:c5:70:
    b6:dc:7d:33:41:d7:94:34:7c:9e:23:28:c7:5d:73:
    dc:55:09:42:14:f4:d3:96:4b:37:8c:dc:d3:ad:e2:
    9b:39:0f:93:8f:88:2c:30:24:06:bd:8d:25:59:e1:
    27:42:85:ff:37:ff:34:05:08:36:d6:c7:11:06:f1:
    a0:ba:ae:b8:bb:9c:78:b0:74:bd:c1:cf:ab:a8:29:
    16:b9:bf:8b:76:20:c7:a9:7b:39:9b:fb:53:e0:1f:
    d2:c3:e6:e7:90:f9:9b:da:af:61:4f:1b:62:2e:b1:
    99:31
publicExponent: 65537 (0x10001)
privateExponent:
    02:5d:db:4c:a2:49:2b:ce:bc:5b:56:01:f9:d8:7e:
    fb:88:43:3d:7a:87:8e:b9:5a:67:14:3b:d3:05:dd:
    6a:cc:b7:48:25:df:2e:cd:eb:70:af:f9:9d:68:94:
    67:d5:ad:71:c1:fb:bb:da:88:13:77:40:42:25:8e:
    e0:20:5e:c8:cc:e9:c2:c1:fb:1f:86:95:07:fc:95:
    37:2c:b9:5b:47:9f:83:df:df:b1:37:40:80:39:d7:
    bb:0a:30:16:24:8b:04:d0:ca:c1:a1:ec:b2:c8:65:
    52:58:ff:8d:6a:23:b3:23:f2:10:cb:af:46:74:84:
    8a:ef:a0:ab:e8:a0:c2:6b:83:c2:c6:1f:c5:4c:37:
    b3:55:c1:f3:38:86:c1:f4:cd:ff:34:23:37:87:c6:
    f5:16:e0:7c:76:72:40:78:df:db:96:8d:66:63:d1:
    f4:28:78:5c:d7:37:14:28:fa:e9:ee:35:13:c1:87:
    8f:07:2d:2c:e3:df:37:e5:01:85:51:88:56:2d:66:
    4b:4f:43:fa:98:05:cb:c3:d9:bd:9c:be:84:79:ce:
    43:78:89:ab:58:45:21:43:02:53:cc:d4:ee:ff:b8:
    6c:bc:15:85:cc:f5:18:c0:8a:b7:60:9f:8a:ae:de:
    a4:96:25:f1:9c:2c:ac:d0:85:ba:df:53:2c:e1:2b:
    07
prime1:
    00:d3:cb:5e:54:ef:8a:84:af:cc:07:21:db:ad:3d:
    14:a1:e8:b1:d3:71:f2:fd:f2:5e:7c:06:bb:15:c6:
    2c:e4:b4:7e:cf:0f:3d:00:5b:76:e4:6f:26:b7:c1:
    9c:cb:96:8d:17:8c:a1:f0:8d:b7:a2:a1:56:8f:dc:
    25:5c:f1:32:23:ec:27:a2:3e:87:ce:a5:51:40:6b:
    59:ee:14:6f:88:e0:49:84:a9:66:7f:53:f8:cf:86:
    2f:28:ab:58:51:6a:70:65:b3:bf:8c:4b:b3:c2:e5:
    6d:87:74:2c:52:ac:23:b6:ab:96:7e:34:0d:1e:a2:
    e1:54:ba:47:ab:ed:5f:e4:1f
prime2:
    00:e7:f9:93:58:68:5f:2e:6b:75:33:ad:2e:ee:e8:
    f3:72:75:0b:85:02:d2:b9:a4:a4:6b:85:92:a1:ef:
    3f:84:7d:ca:a7:48:cf:f5:b1:52:00:bc:96:6f:a7:
    ae:8e:84:9b:55:82:5c:48:b7:ac:fb:34:4a:2d:b1:
    36:1f:cb:ea:8e:a3:d1:20:b1:59:cd:5d:32:c3:ad:
    6e:aa:48:3b:b8:8b:eb:66:42:f8:c6:ee:56:45:b0:
    bf:74:d6:88:db:e7:ab:ac:eb:71:0d:b8:80:7a:bf:
    6a:9f:c1:7d:ba:18:fb:6c:fd:66:ff:7b:30:b6:fa:
    80:37:53:4a:b2:05:06:58:af
exponent1:
    00:a0:2f:3d:3e:62:19:d2:f7:1f:09:f9:ea:ab:20:
    fa:5c:e6:a0:b0:3a:8b:bc:d3:b5:f0:7a:2a:bf:72:
    2e:7c:1f:a3:95:39:82:3a:a5:f2:cb:1c:e2:1c:b2:
    fb:c2:e3:2f:fd:32:a9:3c:46:03:30:a6:73:d0:c4:
    81:21:c5:6e:d5:ca:83:c3:6b:25:cd:fe:2c:f0:db:
    00:9e:57:a8:6f:ce:aa:ec:02:2f:7a:77:e9:44:13:
    c9:d1:29:9e:d7:9c:f8:3b:83:72:89:4a:ac:3f:e8:
    c4:29:61:8d:30:4d:ef:88:f6:48:11:55:8e:e2:af:
    f0:5a:e3:b4:d7:6c:e6:4c:a3
exponent2:
    6a:93:d1:cc:86:77:64:7e:5e:64:95:a6:c0:81:2a:
    88:65:9a:1b:4c:46:c0:a0:12:22:8c:45:e8:3c:61:
    74:5f:ce:e1:b8:a4:42:ff:6a:eb:87:b9:9e:26:ee:
    1d:f0:72:e5:80:75:21:bb:b1:af:e0:40:4c:69:e4:
    b2:0b:20:02:d4:e4:da:1e:61:61:e6:f5:d1:cd:36:
    d0:e9:4a:f6:e8:e2:08:23:b0:e4:c4:cf:c2:49:08:
    4d:87:db:6d:1d:2d:54:ce:ff:2c:0c:9e:8a:c6:b3:
    18:1e:ef:c2:b6:83:9d:79:76:fe:dd:fc:6d:b4:fd:
    7f:6d:b7:1d:bf:0d:41:65
coefficient:
    45:40:28:4f:7b:78:24:31:5e:2e:07:aa:ba:4b:31:
    86:8b:0a:3a:72:bb:a3:35:2c:e9:18:32:62:5e:0d:
    a1:4d:0c:f0:72:38:a1:4c:b6:c7:b5:3e:34:84:1d:
    3e:16:5b:66:fe:16:f6:99:d9:60:6a:bc:3f:89:38:
    6c:9f:e1:b6:70:43:b1:92:87:c4:9c:34:18:4d:66:
    5d:22:57:c3:02:6c:db:37:9b:f6:ac:38:cf:49:a5:
    e1:4b:e8:30:00:d1:a0:26:1a:ac:85:f2:03:3f:25:
    55:74:ce:ad:0f:15:d5:c1:68:b0:29:12:7d:dc:f9:
    79:a2:b8:a3:10:99:16:37

$ openssl rsa -in public_key.pem -pubin -text -noout
Public-Key: (2048 bit)
Modulus:
    00:bf:ea:fc:d4:50:2f:8b:66:86:a5:fe:d4:ed:17:
    3a:58:c5:b2:19:5f:ba:49:40:14:68:f2:15:9f:13:
    9e:db:8f:ad:ea:16:11:36:c7:be:f0:3d:8c:65:6d:
    47:3e:cc:82:1e:1f:68:f4:d6:be:cc:4f:f2:ed:69:
    39:eb:ce:07:3b:ee:70:59:08:fd:77:cd:7e:69:5c:
    66:c4:45:39:2d:73:14:60:bc:a7:cf:18:3f:9c:38:
    cb:02:8f:a4:08:03:53:0d:b8:2b:6d:06:63:29:28:
    1a:a1:f8:0c:97:1b:03:a0:39:66:64:55:f8:c2:37:
    c0:0d:25:9f:a9:68:0e:e7:3a:3a:5b:29:12:94:0a:
    bf:95:24:cf:a1:1a:55:fa:b5:04:e6:6a:02:c5:70:
    b6:dc:7d:33:41:d7:94:34:7c:9e:23:28:c7:5d:73:
    dc:55:09:42:14:f4:d3:96:4b:37:8c:dc:d3:ad:e2:
    9b:39:0f:93:8f:88:2c:30:24:06:bd:8d:25:59:e1:
    27:42:85:ff:37:ff:34:05:08:36:d6:c7:11:06:f1:
    a0:ba:ae:b8:bb:9c:78:b0:74:bd:c1:cf:ab:a8:29:
    16:b9:bf:8b:76:20:c7:a9:7b:39:9b:fb:53:e0:1f:
    d2:c3:e6:e7:90:f9:9b:da:af:61:4f:1b:62:2e:b1:
    99:31
Exponent: 65537 (0x10001)

Leave a Reply

Your email address will not be published. Required fields are marked *