Mister PKI

All things PKI, HTTPS, SSL, TLS, Digital Certificates

openssl genpkey

March 22, 2020 by Mister PKI

The openssl genpkey command is a utility for generating asymmetric private keys.

openssl genpkey or genrsa

The openssl genpkey utility has superseded the genrsa utility. While genrsa is still valid and in use today, it is recommended to start using genpkey. genpkey is not limited to RSA keys: it can generate RSA, RSA-PSS, EC, X25519, X448, ED25519 and ED448 private keys.

If you want to learn more about the genrsa utility, please read our post about genrsa.

openssl genpkey encrypt with a password

To generate an encrypted RSA private key, run the following command:

openssl genpkey -algorithm RSA -out key.pem -aes-256-cbc

Where -algorithm RSA means generate an RSA private key, -out key.pem is the filename that will contain the encrypted private key, and -aes-256-cbc is the cipher used to encrypt the private key. Note that you will be prompted for a password to secure the private key.

When viewing the encrypted private key, the header will be -----BEGIN ENCRYPTED PRIVATE KEY-----, which is different from the header you get when using the genrsa utility.
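The header difference described above can be used to audit a directory for private keys stored without a passphrase. The following is an added example, not code from the original post: the function names, file names and sample files are assumptions made for illustration, and the sample bodies are constructed placeholders, not real keys. It recognises the PKCS#8 headers that genpkey writes and the traditional RSA/EC headers, where encryption is marked by a Proc-Type line instead of the BEGIN line.

```shell
#!/bin/sh
# Classify a PEM file by the header of the first private key it contains.
classify_pem_key() {
    # Strip CRs (Windows line endings), then take the first private-key BEGIN line.
    header=$(tr -d '\r' < "$1" | sed -n '/^-----BEGIN .*PRIVATE KEY-----$/{p;q;}')
    case $header in
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8-plain ;;
        '-----BEGIN RSA PRIVATE KEY-----'|'-----BEGIN EC PRIVATE KEY-----')
            # Traditional format: encryption shows up as a Proc-Type header
            # inside the block, not in the BEGIN line.
            if tr -d '\r' < "$1" | grep -q '^Proc-Type: 4,ENCRYPTED$'; then
                echo traditional-encrypted
            else
                echo traditional-plain
            fi ;;
        *) echo not-a-private-key ;;
    esac
}

# Print (sorted) every file under directory $1 that holds a key with no passphrase.
find_unencrypted_keys() {
    find "$1" -type f | sort | while IFS= read -r f; do
        case $(classify_pem_key "$f") in
            *-plain) printf '%s\n' "$f" ;;
        esac
    done
}

# Constructed sample files: real header lines, placeholder (non-key) bodies.
make_samples() {
    b='Q09OU1RSVUNURUQ='
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$b" \
        '-----END ENCRYPTED PRIVATE KEY-----' > "$1/pkcs8_enc.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' "$b" \
        '-----END PRIVATE KEY-----' > "$1/pkcs8_plain.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' "$b" \
        '-----END RSA PRIVATE KEY-----' > "$1/trad_enc.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' "$b" \
        '-----END RSA PRIVATE KEY-----' > "$1/trad_plain.pem"
}

# Demo: lists pkcs8_plain.pem and trad_plain.pem from the constructed samples.
demo_dir=$(mktemp -d) && make_samples "$demo_dir"
find_unencrypted_keys "$demo_dir"
rm -rf "$demo_dir"
```

A header check only shows how the file is labelled; it does not test the strength of the passphrase or the file's permissions.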

Generate an EC private key with genpkey

openssl genpkey -algorithm EC -out eckey.pem -pkeyopt ec_paramgen_curve:P-384 -pkeyopt ec_param_enc:named_curve

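Where -algorithm EC means use the EC algorithm, -out eckey.pem is the filename of the private key, -pkeyopt ec_paramgen_curve:P-384 selects the curve by name (here P-384), and -pkeyopt ec_param_enc:named_curve stores the curve in the key as a named curve rather than as explicit parameters.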

Generate an X25519 private key with genpkey

openssl genpkey -algorithm X25519 -out key.pem

Where -algorithm X25519 is the algorithm being used, and -out key.pem is the filename that will store the generated private key.

X25519 is an elliptic curve Diffie-Hellman (DH) key exchange.

Generate an ED448 private key with genpkey

openssl genpkey -algorithm ED448 -out key.pem

Where -algorithm ED448 is the algorithm being used, and -out key.pem is the filename that will store the generated private key.

ED448 is an elliptic curve used with ECDH key exchange.
