[thirdparty/openssl.git] / doc / apps / genrsa.pod

=pod

=head1 NAME

genrsa - generate an RSA private key

=head1 SYNOPSIS

B<openssl> B<genrsa>
[B<-out filename>]
[B<-passout arg>]
[B<-aes128>]
[B<-aes128>]
[B<-aes192>]
[B<-aes256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-aes192>]
[B<-aes256>]
[B<-camellia128>]
[B<-camellia192>]
[B<-camellia256>]
[B<-des>]
[B<-des3>]
[B<-idea>]
[B<-f4>]
[B<-3>]
[B<-rand file(s)>]
[B<-engine id>]
[B<numbits>]

=head1 DESCRIPTION

The B<genrsa> command generates an RSA private key.

=head1 OPTIONS

=over 4

=item B<-out filename>

the output filename. If this argument is not specified then standard output is
used.  

=item B<-passout arg>

the output file password source. For more information about the format of B<arg>
see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.

=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea>

These options encrypt the private key with specified
cipher before outputting it. If none of these options is
specified no encryption is used. If encryption is used a pass phrase is prompted
for if it is not supplied via the B<-passout> argument.

=item B<-F4|-3>

the public exponent to use, either 65537 or 3. The default is 65537.

=item B<-rand file(s)>

a file or files containing random data used to seed the random number
generator, or an EGD socket (see L<RAND_egd(3)>).
Multiple files can be specified separated by a OS-dependent character.
The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
all others.

=item B<-engine id>

specifying an engine (by its unique B<id> string) will cause B<genrsa>
to attempt to obtain a functional reference to the specified engine,
thus initialising it if needed. The engine will then be set as the default
for all available algorithms.

=item B<numbits>

the size of the private key to generate in bits. This must be the last option
specified. The default is 512.

=back

=head1 NOTES

RSA private key generation essentially involves the generation of two prime
numbers. When generating a private key various symbols will be output to
indicate the progress of the generation. A B<.> represents each number which
has passed an initial sieve test, B<+> means a number has passed a single
round of the Miller-Rabin primality test. A newline means that the number has
passed all the prime tests (the actual number depends on the key size).

Because key generation is a random process the time taken to generate a key
may vary somewhat.

=head1 BUGS

A quirk of the prime generation algorithm is that it cannot generate small
primes. Therefore the number of bits should not be less that 64. For typical
private keys this will not matter because for security reasons they will
be much larger (typically 1024 bits).

=head1 SEE ALSO

L<gendsa(1)>

=cut
Commit	Line	Data
aba3e65f DSH	1	=pod
	2
	3	=head1 NAME
	4
	5	genrsa - generate an RSA private key
	6
aba3e65f DSH	7	=head1 SYNOPSIS
	8
	9	B<openssl> B<genrsa>
	10	[B<-out filename>]
a3fe382e	11	[B<-passout arg>]
fc1d88f0 RS	12	[B<-aes128>]
	13	[B<-aes128>]
	14	[B<-aes192>]
	15	[B<-aes256>]
	16	[B<-camellia128>]
	17	[B<-camellia192>]
	18	[B<-camellia256>]
	19	[B<-aes192>]
	20	[B<-aes256>]
	21	[B<-camellia128>]
	22	[B<-camellia192>]
	23	[B<-camellia256>]
aba3e65f DSH	24	[B<-des>]
	25	[B<-des3>]
	26	[B<-idea>]
	27	[B<-f4>]
	28	[B<-3>]
9597902a	29	[B<-rand file(s)>]
bfa35550	30	[B<-engine id>]
aba3e65f DSH	31	[B<numbits>]
	32
	33	=head1 DESCRIPTION
	34
	35	The B<genrsa> command generates an RSA private key.
	36
	37	=head1 OPTIONS
	38
	39	=over 4
	40
f07fb9b2 DSH	41	=item B<-out filename>
	42
	43	the output filename. If this argument is not specified then standard output is
	44	used.
	45
a3fe382e	46	=item B<-passout arg>
f07fb9b2	47
a3fe382e	48	the output file password source. For more information about the format of B<arg>
9b86974e	49	see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)>.
f07fb9b2	50
fc1d88f0	51	=item B<-aes128\|-aes192\|-aes256\|-camellia128\|-camellia192\|-camellia256\|-des\|-des3\|-idea>
aba3e65f	52
fc1d88f0 RS	53	These options encrypt the private key with specified
fc1d88f0 RS	54	cipher before outputting it. If none of these options is
f07fb9b2	55	specified no encryption is used. If encryption is used a pass phrase is prompted
a3fe382e	56	for if it is not supplied via the B<-passout> argument.
aba3e65f DSH	57
	58	=item B<-F4\|-3>
	59
	60	the public exponent to use, either 65537 or 3. The default is 65537.
	61
9597902a	62	=item B<-rand file(s)>
aba3e65f DSH	63
aba3e65f DSH	64	a file or files containing random data used to seed the random number
9b86974e	65	generator, or an EGD socket (see L<RAND_egd(3)>).
a4cfd178	66	Multiple files can be specified separated by a OS-dependent character.
b87ef946	67	The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
a4cfd178	68	all others.
bfa35550 RL	69
	70	=item B<-engine id>
	71
e5fa864f	72	specifying an engine (by its unique B<id> string) will cause B<genrsa>
bfa35550 RL	73	to attempt to obtain a functional reference to the specified engine,
	74	thus initialising it if needed. The engine will then be set as the default
	75	for all available algorithms.
aba3e65f DSH	76
	77	=item B<numbits>
	78
	79	the size of the private key to generate in bits. This must be the last option
	80	specified. The default is 512.
	81
	82	=back
	83
	84	=head1 NOTES
	85
	86	RSA private key generation essentially involves the generation of two prime
	87	numbers. When generating a private key various symbols will be output to
a3fe382e DSH	88	indicate the progress of the generation. A B<.> represents each number which
	89	has passed an initial sieve test, B<+> means a number has passed a single
	90	round of the Miller-Rabin primality test. A newline means that the number has
	91	passed all the prime tests (the actual number depends on the key size).
aba3e65f DSH	92
	93	Because key generation is a random process the time taken to generate a key
	94	may vary somewhat.
	95
	96	=head1 BUGS
	97
	98	A quirk of the prime generation algorithm is that it cannot generate small
	99	primes. Therefore the number of bits should not be less that 64. For typical
	100	private keys this will not matter because for security reasons they will
	101	be much larger (typically 1024 bits).
	102
	103	=head1 SEE ALSO
	104
9b86974e	105	L<gendsa(1)>
369782ac UM	106
	107	=cut
	108