• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer

Mister PKI

SSL Certificates * SSL Tools * Certificate Decoder

  • Buy SSL Certificates
  • Blog
  • OpenSSL
  • Keytool
  • SSL Tools
  • Donate

openssl genpkey

March 22, 2020 by Mister PKI Leave a Comment

The openssl genpkey command is a utility for generating asymmetric private keys.

openssl genpkey or genrsa

The openssl genpkey utility has superseded the genrsa utility. While the genrsa is still valid and in use today, it is recommended to start using genpkey. genpkey gives you more than just the ability to generate RSA keys, as it also allows you to generate RSA, RSA-PSS, EC, X25519, X448, ED25519 and ED448.

If you want to learn more about the genrsa utility, please read our post about the genrsa.

openssl genpkey encrypt with a password

To generate an encrypted RSA private key, run the following command:

openssl genpkey -algorithm RSA -out key.pem -aes-256-cbc

Where -algorithm RSA means generate an RSA private key, -out key.pem is the filename that will contain the encrypted private key, and -aes-256-cbc is the cipher used to encrypt the private key. Note that you will be prompted for a password to secure the private key.

When viewing the encrypted private key, the headers will be -----BEGIN ENCRYPTED PRIVATE KEY----- which are different than the headers you get when using the genrsa utility.

Generate an EC private key with genpkey

openssl genpkey -algorithm EC -out eckey.pem -pkeyopt ec_paramgen_curve:P-384 -pkeyopt ec_param_enc:named_curve

Where -algorithm EC means use the EC algorithm, -out eckey.pem is the filename of the private key, -pkeyopt ec_paramgen_curve:P-384 is the name of the curve.

Generate an X25519 private key with genpkey

openssl genpkey -algorithm X25519 -out key.pem

Where -algorithm X25519 is the algorithm being used, and -out key.pem is the filename that will store the generated private key.

X25519 is an elliptic curve DH exchange.

Generate an ED448 private key with genpkey

openssl genpkey -algorithm ED448 -out key.pem

Where -algorithm ED448 is the algorithm being used, and -out key.pem is the filename that will store the generated private key.

ED448 is an elliptic curve used with ECDH key exchange.

Read more of our content.

openssl

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Popular Posts

PKCS12

openssl s_client

Keytool

Keytool list

ECDSA vs RSA

OpenSSL

PKCS7

Certificate Decoder

Training Courses

Top online courses in IT & Software

Cyber Security Training

Udemy - The Complete Internet Security Privacy Course icon

Buy SSL Certificates

The SSL Store

Comodo Store

Sectigo Store

RapidSSL

Recent Posts

  • pfx password
  • pkcs12
  • Sendmail vs Postfix – Mail Transfer Agent Comparison
  • Python mock datetime now
  • Python get SSL Certificate

Footer

  • Twitter
  • YouTube

Pages

  • About Mister PKI
  • Blog
  • Compare and Buy Affordable PKI Certificates
  • Contact Us
  • Full Disclosure
  • Privacy Policy
  • SSL Tools – Certificate Decoder and Certificate Checker

Copyright © 2022