]>
Commit | Line | Data |
---|---|---|
aba3e65f | 1 | =pod |
625c781d | 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -} |
9fcb9702 | 3 | |
aba3e65f DSH |
4 | =head1 NAME |
5 | ||
b6b66573 | 6 | openssl-genrsa - generate an RSA private key |
aba3e65f | 7 | |
aba3e65f DSH |
8 | =head1 SYNOPSIS |
9 | ||
10 | B<openssl> B<genrsa> | |
169394d4 | 11 | [B<-help>] |
e8769719 RS |
12 | [B<-out> I<filename>] |
13 | [B<-passout> I<arg>] | |
fc1d88f0 | 14 | [B<-aes128>] |
fc1d88f0 RS |
15 | [B<-aes192>] |
16 | [B<-aes256>] | |
d42d0a4d P |
17 | [B<-aria128>] |
18 | [B<-aria192>] | |
19 | [B<-aria256>] | |
fc1d88f0 RS |
20 | [B<-camellia128>] |
21 | [B<-camellia192>] | |
22 | [B<-camellia256>] | |
aba3e65f DSH |
23 | [B<-des>] |
24 | [B<-des3>] | |
25 | [B<-idea>] | |
65718c51 RS |
26 | [B<-F4>] |
27 | [B<-f4>] | |
28 | [B<-3>] | |
e8769719 | 29 | [B<-primes> I<num>] |
c43fa566 | 30 | [B<-verbose>] |
9fcb9702 | 31 | {- $OpenSSL::safe::opt_r_synopsis -} |
018aaeb4 | 32 | {- $OpenSSL::safe::opt_engine_synopsis -} |
aba3e65f DSH |
33 | [B<numbits>] |
34 | ||
9f3c076b | 35 | =for openssl ifdef engine |
1738c0ce | 36 | |
aba3e65f DSH |
37 | =head1 DESCRIPTION |
38 | ||
b9f733c2 P |
39 | This command has been deprecated. |
40 | The L<openssl-genpkey(1)> command should be used instead. | |
41 | ||
35a810bb | 42 | This command generates an RSA private key. |
aba3e65f DSH |
43 | |
44 | =head1 OPTIONS | |
45 | ||
46 | =over 4 | |
47 | ||
169394d4 MR |
48 | =item B<-help> |
49 | ||
50 | Print out a usage message. | |
51 | ||
e8769719 | 52 | =item B<-out> I<filename> |
f07fb9b2 | 53 | |
169394d4 MR |
54 | Output the key to the specified file. If this argument is not specified then |
55 | standard output is used. | |
f07fb9b2 | 56 | |
e8769719 | 57 | =item B<-passout> I<arg> |
f07fb9b2 | 58 | |
c4de074e | 59 | The output file password source. For more information about the format |
3a4e43de | 60 | see L<openssl(1)/Pass Phrase Options>. |
f07fb9b2 | 61 | |
dfee8626 | 62 | =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> |
aba3e65f | 63 | |
fc1d88f0 RS |
64 | These options encrypt the private key with specified |
65 | cipher before outputting it. If none of these options is | |
f07fb9b2 | 66 | specified no encryption is used. If encryption is used a pass phrase is prompted |
a3fe382e | 67 | for if it is not supplied via the B<-passout> argument. |
aba3e65f | 68 | |
65718c51 | 69 | =item B<-F4>, B<-f4>, B<-3> |
aba3e65f | 70 | |
c4de074e | 71 | The public exponent to use, either 65537 or 3. The default is 65537. |
aba3e65f | 72 | |
e8769719 | 73 | =item B<-primes> I<num> |
665d899f | 74 | |
2f0ea936 | 75 | Specify the number of primes to use while generating the RSA key. The I<num> |
665d899f | 76 | parameter must be a positive integer that is greater than 1 and less than 16. |
2f0ea936 | 77 | If I<num> is greater than 2, then the generated key is called a 'multi-prime' |
665d899f PY |
78 | RSA key, which is defined in RFC 8017. |
79 | ||
c43fa566 PP |
80 | =item B<-verbose> |
81 | ||
82 | Print extra details about the operations being performed. | |
83 | ||
9fcb9702 RS |
84 | {- $OpenSSL::safe::opt_r_item -} |
85 | ||
018aaeb4 RS |
86 | {- $OpenSSL::safe::opt_engine_item -} |
87 | ||
aba3e65f DSH |
88 | =item B<numbits> |
89 | ||
c4de074e | 90 | The size of the private key to generate in bits. This must be the last option |
cac19d19 | 91 | specified. The default is 2048 and values less than 512 are not allowed. |
aba3e65f DSH |
92 | |
93 | =back | |
94 | ||
95 | =head1 NOTES | |
96 | ||
665d899f PY |
97 | RSA private key generation essentially involves the generation of two or more |
98 | prime numbers. When generating a private key various symbols will be output to | |
a3fe382e DSH |
99 | indicate the progress of the generation. A B<.> represents each number which |
100 | has passed an initial sieve test, B<+> means a number has passed a single | |
665d899f PY |
101 | round of the Miller-Rabin primality test, B<*> means the current prime starts |
102 | a regenerating progress due to some failed tests. A newline means that the number | |
103 | has passed all the prime tests (the actual number depends on the key size). | |
aba3e65f DSH |
104 | |
105 | Because key generation is a random process the time taken to generate a key | |
665d899f PY |
106 | may vary somewhat. But in general, more primes lead to less generation time |
107 | of a key. | |
aba3e65f | 108 | |
aba3e65f DSH |
109 | =head1 SEE ALSO |
110 | ||
b6b66573 | 111 | L<openssl(1)>, |
b9f733c2 | 112 | L<openssl-genpkey(1)>, |
b6b66573 | 113 | L<openssl-gendsa(1)> |
369782ac | 114 | |
b9f733c2 P |
115 | =head1 HISTORY |
116 | ||
117 | This command was deprecated in OpenSSL 3.0. | |
118 | ||
e2f92610 RS |
119 | =head1 COPYRIGHT |
120 | ||
b6b66573 | 121 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 122 | |
449040b4 | 123 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
124 | this file except in compliance with the License. You can obtain a copy |
125 | in the file LICENSE in the source distribution or at | |
126 | L<https://www.openssl.org/source/license.html>. | |
127 | ||
128 | =cut |