]>
Commit | Line | Data |
---|---|---|
aba3e65f | 1 | =pod |
625c781d | 2 | {- OpenSSL::safe::output_do_not_edit_headers(); -} |
9fcb9702 | 3 | |
aba3e65f DSH |
4 | =head1 NAME |
5 | ||
b6b66573 | 6 | openssl-genrsa - generate an RSA private key |
aba3e65f | 7 | |
aba3e65f DSH |
8 | =head1 SYNOPSIS |
9 | ||
10 | B<openssl> B<genrsa> | |
169394d4 | 11 | [B<-help>] |
e8769719 RS |
12 | [B<-out> I<filename>] |
13 | [B<-passout> I<arg>] | |
fc1d88f0 | 14 | [B<-aes128>] |
fc1d88f0 RS |
15 | [B<-aes192>] |
16 | [B<-aes256>] | |
d42d0a4d P |
17 | [B<-aria128>] |
18 | [B<-aria192>] | |
19 | [B<-aria256>] | |
fc1d88f0 RS |
20 | [B<-camellia128>] |
21 | [B<-camellia192>] | |
22 | [B<-camellia256>] | |
aba3e65f DSH |
23 | [B<-des>] |
24 | [B<-des3>] | |
25 | [B<-idea>] | |
65718c51 RS |
26 | [B<-F4>] |
27 | [B<-f4>] | |
28 | [B<-3>] | |
e8769719 | 29 | [B<-primes> I<num>] |
c43fa566 | 30 | [B<-verbose>] |
10203a34 | 31 | [B<-traditional>] |
9fcb9702 | 32 | {- $OpenSSL::safe::opt_r_synopsis -} |
018aaeb4 | 33 | {- $OpenSSL::safe::opt_engine_synopsis -} |
6bd4e3f2 | 34 | {- $OpenSSL::safe::opt_provider_synopsis -} |
aba3e65f DSH |
35 | [B<numbits>] |
36 | ||
8bf37709 | 37 | =for openssl ifdef engine 3 |
1738c0ce | 38 | |
aba3e65f DSH |
39 | =head1 DESCRIPTION |
40 | ||
b9f733c2 P |
41 | This command has been deprecated. |
42 | The L<openssl-genpkey(1)> command should be used instead. | |
43 | ||
35a810bb | 44 | This command generates an RSA private key. |
aba3e65f DSH |
45 | |
46 | =head1 OPTIONS | |
47 | ||
48 | =over 4 | |
49 | ||
169394d4 MR |
50 | =item B<-help> |
51 | ||
52 | Print out a usage message. | |
53 | ||
e8769719 | 54 | =item B<-out> I<filename> |
f07fb9b2 | 55 | |
169394d4 MR |
56 | Output the key to the specified file. If this argument is not specified then |
57 | standard output is used. | |
f07fb9b2 | 58 | |
e8769719 | 59 | =item B<-passout> I<arg> |
f07fb9b2 | 60 | |
c4de074e | 61 | The output file password source. For more information about the format |
3a4e43de | 62 | see L<openssl(1)/Pass Phrase Options>. |
f07fb9b2 | 63 | |
dfee8626 | 64 | =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> |
aba3e65f | 65 | |
fc1d88f0 RS |
66 | These options encrypt the private key with specified |
67 | cipher before outputting it. If none of these options is | |
f07fb9b2 | 68 | specified no encryption is used. If encryption is used a pass phrase is prompted |
a3fe382e | 69 | for if it is not supplied via the B<-passout> argument. |
aba3e65f | 70 | |
65718c51 | 71 | =item B<-F4>, B<-f4>, B<-3> |
aba3e65f | 72 | |
c4de074e | 73 | The public exponent to use, either 65537 or 3. The default is 65537. |
8bf37709 | 74 | The B<-3> option has been deprecated. |
aba3e65f | 75 | |
e8769719 | 76 | =item B<-primes> I<num> |
665d899f | 77 | |
2f0ea936 | 78 | Specify the number of primes to use while generating the RSA key. The I<num> |
665d899f | 79 | parameter must be a positive integer that is greater than 1 and less than 16. |
2f0ea936 | 80 | If I<num> is greater than 2, then the generated key is called a 'multi-prime' |
665d899f PY |
81 | RSA key, which is defined in RFC 8017. |
82 | ||
c43fa566 PP |
83 | =item B<-verbose> |
84 | ||
85 | Print extra details about the operations being performed. | |
86 | ||
10203a34 KR |
87 | =item B<-traditional> |
88 | ||
89 | Write the key using the traditional PKCS#1 format instead of the PKCS#8 format. | |
90 | ||
9fcb9702 RS |
91 | {- $OpenSSL::safe::opt_r_item -} |
92 | ||
018aaeb4 RS |
93 | {- $OpenSSL::safe::opt_engine_item -} |
94 | ||
6bd4e3f2 P |
95 | {- $OpenSSL::safe::opt_provider_item -} |
96 | ||
aba3e65f DSH |
97 | =item B<numbits> |
98 | ||
c4de074e | 99 | The size of the private key to generate in bits. This must be the last option |
cac19d19 | 100 | specified. The default is 2048 and values less than 512 are not allowed. |
aba3e65f DSH |
101 | |
102 | =back | |
103 | ||
104 | =head1 NOTES | |
105 | ||
665d899f PY |
106 | RSA private key generation essentially involves the generation of two or more |
107 | prime numbers. When generating a private key various symbols will be output to | |
a3fe382e DSH |
108 | indicate the progress of the generation. A B<.> represents each number which |
109 | has passed an initial sieve test, B<+> means a number has passed a single | |
665d899f PY |
110 | round of the Miller-Rabin primality test, B<*> means the current prime starts |
111 | a regenerating progress due to some failed tests. A newline means that the number | |
112 | has passed all the prime tests (the actual number depends on the key size). | |
aba3e65f DSH |
113 | |
114 | Because key generation is a random process the time taken to generate a key | |
665d899f PY |
115 | may vary somewhat. But in general, more primes lead to less generation time |
116 | of a key. | |
aba3e65f | 117 | |
aba3e65f DSH |
118 | =head1 SEE ALSO |
119 | ||
b6b66573 | 120 | L<openssl(1)>, |
b9f733c2 | 121 | L<openssl-genpkey(1)>, |
b6b66573 | 122 | L<openssl-gendsa(1)> |
369782ac | 123 | |
b9f733c2 P |
124 | =head1 HISTORY |
125 | ||
126 | This command was deprecated in OpenSSL 3.0. | |
127 | ||
e2f92610 RS |
128 | =head1 COPYRIGHT |
129 | ||
33388b44 | 130 | Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 131 | |
449040b4 | 132 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
133 | this file except in compliance with the License. You can obtain a copy |
134 | in the file LICENSE in the source distribution or at | |
135 | L<https://www.openssl.org/source/license.html>. | |
136 | ||
137 | =cut |