]>
Commit | Line | Data |
---|---|---|
49131a7d DSH |
1 | =pod |
2 | ||
018aaeb4 RS |
3 | =begin comment |
4 | {- join("\n", @autowarntext) -} | |
5 | ||
6 | =end comment | |
7 | ||
49131a7d DSH |
8 | =head1 NAME |
9 | ||
b6b66573 | 10 | openssl-genpkey - generate a private key |
49131a7d DSH |
11 | |
12 | =head1 SYNOPSIS | |
13 | ||
14 | B<openssl> B<genpkey> | |
169394d4 | 15 | [B<-help>] |
e8769719 RS |
16 | [B<-out> I<filename>] |
17 | [B<-outform> B<DER>|B<PEM>] | |
18 | [B<-pass> I<arg>] | |
8dc57d76 | 19 | [B<-I<cipher>>] |
e8769719 RS |
20 | [B<-paramfile> I<file>] |
21 | [B<-algorithm> I<alg>] | |
2f0ea936 | 22 | [B<-pkeyopt> I<opt>:I<value>] |
49131a7d DSH |
23 | [B<-genparam>] |
24 | [B<-text>] | |
018aaeb4 | 25 | {- $OpenSSL::safe::opt_engine_synopsis -} |
6bd4e3f2 | 26 | {- $OpenSSL::safe::opt_provider_synopsis -} |
49131a7d | 27 | |
9f3c076b | 28 | =for openssl ifdef engine |
1738c0ce | 29 | |
49131a7d DSH |
30 | =head1 DESCRIPTION |
31 | ||
35a810bb | 32 | This command generates a private key. |
49131a7d DSH |
33 | |
34 | =head1 OPTIONS | |
35 | ||
36 | =over 4 | |
37 | ||
169394d4 MR |
38 | =item B<-help> |
39 | ||
40 | Print out a usage message. | |
41 | ||
e8769719 | 42 | =item B<-out> I<filename> |
49131a7d | 43 | |
169394d4 MR |
44 | Output the key to the specified file. If this argument is not specified then |
45 | standard output is used. | |
49131a7d | 46 | |
e8769719 | 47 | =item B<-outform> B<DER>|B<PEM> |
49131a7d | 48 | |
777182a0 RS |
49 | The output format; the default is B<PEM>. |
50 | See L<openssl(1)/Format Options> for details. | |
49131a7d | 51 | |
e8769719 | 52 | =item B<-pass> I<arg> |
49131a7d | 53 | |
2f0ea936 | 54 | The output file password source. For more information about the format of I<arg> |
3a4e43de | 55 | see L<openssl(1)/Pass Phrase Options>. |
49131a7d | 56 | |
8dc57d76 | 57 | =item B<-I<cipher>> |
49131a7d | 58 | |
5ce60a20 | 59 | This option encrypts the private key with the supplied cipher. Any algorithm |
49131a7d DSH |
60 | name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>. |
61 | ||
e8769719 | 62 | =item B<-algorithm> I<alg> |
49131a7d | 63 | |
c4de074e | 64 | Public key algorithm to use such as RSA, DSA or DH. If used this option must |
f489ab31 | 65 | precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> |
77579510 MC |
66 | are mutually exclusive. Engines may add algorithms in addition to the standard |
67 | built-in ones. | |
68 | ||
69 | Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC, | |
70 | X25519, X448, ED25519 and ED448. | |
71 | ||
72 | Valid built-in algorithm names for parameter generation (see the B<-genparam> | |
73 | option) are DH, DSA and EC. | |
74 | ||
75 | Note that the algorithm name X9.42 DH may be used as a synonym for the DH | |
76 | algorithm. These are identical and do not indicate the type of parameters that | |
77 | will be generated. Use the B<dh_paramgen_type> option to indicate whether PKCS#3 | |
8bc93d2f | 78 | or X9.42 DH parameters are required. See L</DH Parameter Generation Options> |
77579510 | 79 | below for more details. |
49131a7d | 80 | |
2f0ea936 | 81 | =item B<-pkeyopt> I<opt>:I<value> |
49131a7d | 82 | |
2f0ea936 | 83 | Set the public key algorithm option I<opt> to I<value>. The precise set of |
49131a7d | 84 | options supported depends on the public key algorithm used and its |
f5c14c63 RL |
85 | implementation. See L</KEY GENERATION OPTIONS> and |
86 | L</PARAMETER GENERATION OPTIONS> below for more details. | |
49131a7d DSH |
87 | |
88 | =item B<-genparam> | |
89 | ||
c4de074e | 90 | Generate a set of parameters instead of a private key. If used this option must |
77a795e4 | 91 | precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options. |
49131a7d | 92 | |
e8769719 | 93 | =item B<-paramfile> I<filename> |
49131a7d DSH |
94 | |
95 | Some public key algorithms generate a private key based on a set of parameters. | |
e4549295 DSH |
96 | They can be supplied using this option. If this option is used the public key |
97 | algorithm used is determined by the parameters. If used this option must | |
77a795e4 | 98 | precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm> |
e4549295 DSH |
99 | are mutually exclusive. |
100 | ||
101 | =item B<-text> | |
102 | ||
103 | Print an (unencrypted) text representation of private and public keys and | |
104 | parameters along with the PEM or DER structure. | |
49131a7d | 105 | |
018aaeb4 RS |
106 | {- $OpenSSL::safe::opt_engine_item -} |
107 | ||
6bd4e3f2 P |
108 | {- $OpenSSL::safe::opt_provider_item -} |
109 | ||
49131a7d DSH |
110 | =back |
111 | ||
112 | =head1 KEY GENERATION OPTIONS | |
113 | ||
4c583c36 | 114 | The options supported by each algorithm and indeed each implementation of an |
49131a7d | 115 | algorithm can vary. The options for the OpenSSL implementations are detailed |
77579510 MC |
116 | below. There are no key generation options defined for the X25519, X448, ED25519 |
117 | or ED448 algorithms. | |
49131a7d | 118 | |
77579510 | 119 | =head2 RSA Key Generation Options |
49131a7d DSH |
120 | |
121 | =over 4 | |
122 | ||
123 | =item B<rsa_keygen_bits:numbits> | |
124 | ||
70b0b977 | 125 | The number of bits in the generated key. If not specified 2048 is used. |
49131a7d | 126 | |
665d899f PY |
127 | =item B<rsa_keygen_primes:numprimes> |
128 | ||
129 | The number of primes in the generated key. If not specified 2 is used. | |
130 | ||
131 | =item B<rsa_keygen_pubexp:value> | |
132 | ||
133 | The RSA public exponent value. This can be a large decimal or | |
a43384fd | 134 | hexadecimal value if preceded by C<0x>. Default value is 65537. |
665d899f PY |
135 | |
136 | =back | |
137 | ||
77579510 | 138 | =head2 RSA-PSS Key Generation Options |
665d899f PY |
139 | |
140 | Note: by default an B<RSA-PSS> key has no parameter restrictions. | |
141 | ||
142 | =over 4 | |
143 | ||
2f0ea936 RL |
144 | =item B<rsa_keygen_bits>:I<numbits>, B<rsa_keygen_primes>:I<numprimes>, |
145 | B<rsa_keygen_pubexp>:I<value> | |
7751098e DSH |
146 | |
147 | These options have the same meaning as the B<RSA> algorithm. | |
148 | ||
2f0ea936 | 149 | =item B<rsa_pss_keygen_md>:I<digest> |
7751098e | 150 | |
2f0ea936 | 151 | If set the key is restricted and can only use I<digest> for signing. |
7751098e | 152 | |
2f0ea936 | 153 | =item B<rsa_pss_keygen_mgf1_md>:I<digest> |
7751098e | 154 | |
2f0ea936 | 155 | If set the key is restricted and can only use I<digest> as it's MGF1 |
7751098e DSH |
156 | parameter. |
157 | ||
2f0ea936 | 158 | =item B<rsa_pss_keygen_saltlen>:I<len> |
7751098e | 159 | |
2f0ea936 | 160 | If set the key is restricted and I<len> specifies the minimum salt length. |
7751098e DSH |
161 | |
162 | =back | |
163 | ||
77579510 MC |
164 | =head2 EC Key Generation Options |
165 | ||
166 | The EC key generation options can also be used for parameter generation. | |
49131a7d DSH |
167 | |
168 | =over 4 | |
169 | ||
2f0ea936 | 170 | =item B<ec_paramgen_curve>:I<curve> |
49131a7d | 171 | |
77579510 MC |
172 | The EC curve to use. OpenSSL supports NIST curve names such as "P-256". |
173 | ||
2f0ea936 | 174 | =item B<ec_param_enc>:I<encoding> |
77579510 | 175 | |
2f0ea936 RL |
176 | The encoding to use for parameters. The I<encoding> parameter must be either |
177 | B<named_curve> or B<explicit>. The default value is B<named_curve>. | |
49131a7d | 178 | |
677741f8 AP |
179 | =back |
180 | ||
77579510 MC |
181 | =head1 PARAMETER GENERATION OPTIONS |
182 | ||
183 | The options supported by each algorithm and indeed each implementation of an | |
184 | algorithm can vary. The options for the OpenSSL implementations are detailed | |
185 | below. | |
186 | ||
187 | =head2 DSA Parameter Generation Options | |
49131a7d DSH |
188 | |
189 | =over 4 | |
190 | ||
2f0ea936 | 191 | =item B<dsa_paramgen_bits>:I<numbits> |
49131a7d | 192 | |
70b0b977 | 193 | The number of bits in the generated prime. If not specified 2048 is used. |
49131a7d | 194 | |
2f0ea936 | 195 | =item B<dsa_paramgen_q_bits>:I<numbits> |
49131a7d | 196 | |
b03ec3b5 SL |
197 | =item B<qbits>:I<numbits> |
198 | ||
77579510 | 199 | The number of bits in the q parameter. Must be one of 160, 224 or 256. If not |
70b0b977 | 200 | specified 224 is used. |
49131a7d | 201 | |
2f0ea936 | 202 | =item B<dsa_paramgen_md>:I<digest> |
618eb125 | 203 | |
b03ec3b5 SL |
204 | =item B<digest>:I<digest> |
205 | ||
77579510 MC |
206 | The digest to use during parameter generation. Must be one of B<sha1>, B<sha224> |
207 | or B<sha256>. If set, then the number of bits in B<q> will match the output size | |
208 | of the specified digest and the B<dsa_paramgen_q_bits> parameter will be | |
209 | ignored. If not set, then a digest will be used that gives an output matching | |
210 | the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224 | |
211 | or B<sha256> if it is 256. | |
618eb125 | 212 | |
b03ec3b5 SL |
213 | |
214 | =item B<properties>:I<query> | |
215 | ||
216 | The I<digest> property I<query> string to use when fetching a digest from a provider. | |
217 | ||
218 | =item B<type>:I<type> | |
219 | ||
220 | The type of generation to use. Set this to 1 to use legacy FIPS186-2 parameter | |
221 | generation. The default of 0 uses FIPS186-4 parameter generation. | |
222 | ||
223 | =item B<gindex>:I<index> | |
224 | ||
225 | The index to use for canonical generation and verification of the generator g. | |
226 | Set this to a positive value ranging from 0..255 to use this mode. Larger values | |
227 | will only use the bottom byte. | |
228 | This I<index> must then be reused during key validation to verify the value of g. | |
229 | If this value is not set then g is not verifiable. The default value is -1. | |
230 | ||
231 | =item B<hexseed>:I<seed> | |
232 | ||
233 | The seed I<seed> data to use instead of generating a random seed internally. | |
234 | This should be used for testing purposes only. This will either produced fixed | |
235 | values for the generated parameters OR it will fail if the seed did not | |
236 | generate valid primes. | |
237 | ||
49131a7d DSH |
238 | =back |
239 | ||
77579510 | 240 | =head2 DH Parameter Generation Options |
146ca72c | 241 | |
49131a7d DSH |
242 | =over 4 |
243 | ||
2f0ea936 | 244 | =item B<dh_paramgen_prime_len>:I<numbits> |
146ca72c | 245 | |
2f0ea936 | 246 | The number of bits in the prime parameter I<p>. The default is 2048. |
49131a7d | 247 | |
2f0ea936 | 248 | =item B<dh_paramgen_subprime_len>:I<numbits> |
49131a7d | 249 | |
2f0ea936 | 250 | The number of bits in the sub prime parameter I<q>. The default is 256 if the |
77579510 MC |
251 | prime is at least 2048 bits long or 160 otherwise. Only relevant if used in |
252 | conjunction with the B<dh_paramgen_type> option to generate X9.42 DH parameters. | |
e5fa864f | 253 | |
2f0ea936 | 254 | =item B<dh_paramgen_generator>:I<value> |
e5fa864f | 255 | |
2f0ea936 | 256 | The value to use for the generator I<g>. The default is 2. |
e5fa864f | 257 | |
2f0ea936 | 258 | =item B<dh_paramgen_type>:I<value> |
e5fa864f | 259 | |
77579510 MC |
260 | The type of DH parameters to generate. Use 0 for PKCS#3 DH and 1 for X9.42 DH. |
261 | The default is 0. | |
e5fa864f | 262 | |
2f0ea936 | 263 | =item B<dh_rfc5114>:I<num> |
e5fa864f | 264 | |
77579510 | 265 | If this option is set, then the appropriate RFC5114 parameters are used |
2f0ea936 RL |
266 | instead of generating new parameters. The value I<num> can be one of |
267 | 1, 2 or 3 corresponding to RFC5114 DH parameters consisting of | |
77579510 MC |
268 | 1024 bit group with 160 bit subgroup, 2048 bit group with 224 bit subgroup |
269 | and 2048 bit group with 256 bit subgroup as mentioned in RFC5114 sections | |
270 | 2.1, 2.2 and 2.3 respectively. If present this overrides all other DH parameter | |
271 | options. | |
e5fa864f DSH |
272 | |
273 | =back | |
274 | ||
77579510 | 275 | =head2 EC Parameter Generation Options |
e5fa864f | 276 | |
77579510 | 277 | The EC parameter generation options are the same as for key generation. See |
f5c14c63 | 278 | L</EC Key Generation Options> above. |
e5fa864f | 279 | |
49131a7d DSH |
280 | =head1 NOTES |
281 | ||
282 | The use of the genpkey program is encouraged over the algorithm specific | |
283 | utilities because additional algorithm options and ENGINE provided algorithms | |
284 | can be used. | |
285 | ||
286 | =head1 EXAMPLES | |
287 | ||
288 | Generate an RSA private key using default parameters: | |
289 | ||
146ca72c | 290 | openssl genpkey -algorithm RSA -out key.pem |
49131a7d DSH |
291 | |
292 | Encrypt output private key using 128 bit AES and the passphrase "hello": | |
293 | ||
e5fa864f | 294 | openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello |
49131a7d DSH |
295 | |
296 | Generate a 2048 bit RSA key using 3 as the public exponent: | |
297 | ||
dfee8626 RS |
298 | openssl genpkey -algorithm RSA -out key.pem \ |
299 | -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 | |
49131a7d | 300 | |
b03ec3b5 SL |
301 | Generate 2048 bit DSA parameters that can be validated: The output values for |
302 | gindex and seed are required for key validation purposes and are not saved to | |
303 | the output pem file). | |
49131a7d | 304 | |
b03ec3b5 SL |
305 | openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt pbits:2048 \ |
306 | -pkeyopt qbits:224 -pkeyopt digest:SHA256 -pkeyopt gindex:1 -text | |
49131a7d DSH |
307 | |
308 | Generate DSA key from parameters: | |
309 | ||
146ca72c | 310 | openssl genpkey -paramfile dsap.pem -out dsakey.pem |
49131a7d | 311 | |
77579510 | 312 | Generate 2048 bit DH parameters: |
49131a7d DSH |
313 | |
314 | openssl genpkey -genparam -algorithm DH -out dhp.pem \ | |
dfee8626 | 315 | -pkeyopt dh_paramgen_prime_len:2048 |
77579510 MC |
316 | |
317 | Generate 2048 bit X9.42 DH parameters: | |
318 | ||
319 | openssl genpkey -genparam -algorithm DH -out dhpx.pem \ | |
dfee8626 RS |
320 | -pkeyopt dh_paramgen_prime_len:2048 \ |
321 | -pkeyopt dh_paramgen_type:1 | |
49131a7d | 322 | |
618eb125 DSH |
323 | Output RFC5114 2048 bit DH parameters with 224 bit subgroup: |
324 | ||
325 | openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt dh_rfc5114:2 | |
326 | ||
49131a7d DSH |
327 | Generate DH key from parameters: |
328 | ||
146ca72c DSH |
329 | openssl genpkey -paramfile dhp.pem -out dhkey.pem |
330 | ||
331 | Generate EC parameters: | |
332 | ||
333 | openssl genpkey -genparam -algorithm EC -out ecp.pem \ | |
1bc74519 RS |
334 | -pkeyopt ec_paramgen_curve:secp384r1 \ |
335 | -pkeyopt ec_param_enc:named_curve | |
146ca72c DSH |
336 | |
337 | Generate EC key from parameters: | |
338 | ||
339 | openssl genpkey -paramfile ecp.pem -out eckey.pem | |
340 | ||
a528d4f0 | 341 | Generate EC key directly: |
49131a7d | 342 | |
146ca72c | 343 | openssl genpkey -algorithm EC -out eckey.pem \ |
1bc74519 RS |
344 | -pkeyopt ec_paramgen_curve:P-384 \ |
345 | -pkeyopt ec_param_enc:named_curve | |
49131a7d | 346 | |
c082201a DSH |
347 | Generate an X25519 private key: |
348 | ||
349 | openssl genpkey -algorithm X25519 -out xkey.pem | |
350 | ||
77579510 MC |
351 | Generate an ED448 private key: |
352 | ||
353 | openssl genpkey -algorithm ED448 -out xkey.pem | |
354 | ||
a528d4f0 RS |
355 | =head1 HISTORY |
356 | ||
357 | The ability to use NIST curve names, and to generate an EC key directly, | |
fc5ecadd DMSP |
358 | were added in OpenSSL 1.0.2. |
359 | The ability to generate X25519 keys was added in OpenSSL 1.1.0. | |
360 | The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1. | |
a528d4f0 | 361 | |
e2f92610 RS |
362 | =head1 COPYRIGHT |
363 | ||
33388b44 | 364 | Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 365 | |
449040b4 | 366 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
367 | this file except in compliance with the License. You can obtain a copy |
368 | in the file LICENSE in the source distribution or at | |
369 | L<https://www.openssl.org/source/license.html>. | |
370 | ||
371 | =cut |