[thirdparty/openssl.git] / doc / apps / genrsa.pod

=pod

=head1 NAME

genrsa - generate an RSA private key

=head1 SYNOPSIS

B<openssl> B<genrsa>
[B<-help>]
[B<-out filename>]
[B<-passout arg>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-f4>]
[B<-3>]
[B<-rand file(s)>]
[B<-engine id>]
[B<numbits>]

=head1 DESCRIPTION

The B<genrsa> command generates an RSA private key.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-out filename>

Output the key to the specified file. If this argument is not specified then
standard output is used.

=item B<-passout arg>

the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>

These options encrypt the private key with specified
cipher before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the B<-passout> argument.

=item B<-F4|-3>

the public exponent to use, either 65537 or 3. The default is 65537.

=item B<-rand file(s)>

a file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.

=item B<-engine id>

specifying an engine (by its unique B<id> string) will cause B<genrsa>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=item B<numbits>

the size of the private key to generate in bits. This must be the last option
specified. The default is 512.

=back

=head1 NOTES

RSA private key generation essentially involves the generation of two prime
numbers. When generating a private key various symbols will be output to
indicate the progress of the generation. A B<.> represents each number which
has passed an initial sieve test, B<+> means a number has passed a single
round of the Miller-Rabin primality test. A newline means that the number has
passed all the prime tests (the actual number depends on the key size).

Because key generation is a random process the time taken to generate a key
may vary somewhat.

=head1 BUGS

A quirk of the prime generation algorithm is that it cannot generate small
primes. Therefore the number of bits should not be less that 64. For typical
private keys this will not matter because for security reasons they will
be much larger (typically 1024 bits).

=head1 SEE ALSO

L<gendsa(1)>

=cut
Commit	Line	Data
aba3e65f DSH	1	=pod
	2
	3	=head1 NAME
	4
	5	genrsa - generate an RSA private key
	6
aba3e65f DSH	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<genrsa>
169394d4	10	[B<-help>]
aba3e65f	11	[B<-out filename>]
a3fe382e	12	[B<-passout arg>]
fc1d88f0	13	[B<-aes128>]
fc1d88f0 RS	14	[B<-aes192>]
	15	[B<-aes256>]
	16	[B<-camellia128>]
	17	[B<-camellia192>]
	18	[B<-camellia256>]
aba3e65f DSH	19	[B<-des>]
	20	[B<-des3>]
	21	[B<-idea>]
	22	[B<-f4>]
	23	[B<-3>]
9597902a	24	[B<-rand file(s)>]
bfa35550	25	[B<-engine id>]
aba3e65f DSH	26	[B<numbits>]
	27
	28	=head1 DESCRIPTION
	29
	30	The B<genrsa> command generates an RSA private key.
	31
	32	=head1 OPTIONS
	33
	34	=over 4
	35
169394d4 MR	36	=item B<-help>
	37
	38	Print out a usage message.
	39
f07fb9b2 DSH	40	=item B<-out filename>
f07fb9b2 DSH	41
169394d4 MR	42	Output the key to the specified file. If this argument is not specified then
169394d4 MR	43	standard output is used.
f07fb9b2	44
a3fe382e	45	=item B<-passout arg>
f07fb9b2	46
a3fe382e	47	the output file password source. For more information about the format of B<arg>
9b86974e	48	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
f07fb9b2	49
fc1d88f0	50	=item B<-aes128\|-aes192\|-aes256\|-camellia128\|-camellia192\|-camellia256\|-des\|-des3\|-idea>
aba3e65f	51
fc1d88f0 RS	52	These options encrypt the private key with specified
fc1d88f0 RS	53	cipher before outputting it. If none of these options is
f07fb9b2	54	specified no encryption is used. If encryption is used a pass phrase is prompted
a3fe382e	55	for if it is not supplied via the B<-passout> argument.
aba3e65f DSH	56
	57	=item B<-F4\|-3>
	58
	59	the public exponent to use, either 65537 or 3. The default is 65537.
	60
9597902a	61	=item B<-rand file(s)>
aba3e65f DSH	62
aba3e65f DSH	63	a file or files containing random data used to seed the random number
9b86974e	64	generator, or an EGD socket (see L<RAND_egd(3)>).
a4cfd178	65	Multiple files can be specified separated by a OS-dependent character.
b87ef946	66	The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
a4cfd178	67	all others.
bfa35550 RL	68
	69	=item B<-engine id>
	70
e5fa864f	71	specifying an engine (by its unique B<id> string) will cause B<genrsa>
bfa35550 RL	72	to attempt to obtain a functional reference to the specified engine,
	73	thus initialising it if needed. The engine will then be set as the default
	74	for all available algorithms.
aba3e65f DSH	75
	76	=item B<numbits>
	77
	78	the size of the private key to generate in bits. This must be the last option
	79	specified. The default is 512.
	80
	81	=back
	82
	83	=head1 NOTES
	84
	85	RSA private key generation essentially involves the generation of two prime
	86	numbers. When generating a private key various symbols will be output to
a3fe382e DSH	87	indicate the progress of the generation. A B<.> represents each number which
	88	has passed an initial sieve test, B<+> means a number has passed a single
	89	round of the Miller-Rabin primality test. A newline means that the number has
	90	passed all the prime tests (the actual number depends on the key size).
aba3e65f DSH	91
	92	Because key generation is a random process the time taken to generate a key
	93	may vary somewhat.
	94
	95	=head1 BUGS
	96
	97	A quirk of the prime generation algorithm is that it cannot generate small
	98	primes. Therefore the number of bits should not be less that 64. For typical
	99	private keys this will not matter because for security reasons they will
	100	be much larger (typically 1024 bits).
	101
	102	=head1 SEE ALSO
	103
9b86974e	104	L<gendsa(1)>
369782ac UM	105
	106	=cut
	107