]>
Commit | Line | Data |
---|---|---|
aba3e65f DSH |
1 | =pod |
2 | ||
9fcb9702 RS |
3 | =begin comment |
4 | {- join("\n", @autowarntext) -} | |
5 | ||
6 | =end comment | |
7 | ||
aba3e65f DSH |
8 | =head1 NAME |
9 | ||
b6b66573 | 10 | openssl-genrsa - generate an RSA private key |
aba3e65f | 11 | |
aba3e65f DSH |
12 | =head1 SYNOPSIS |
13 | ||
14 | B<openssl> B<genrsa> | |
169394d4 | 15 | [B<-help>] |
e8769719 RS |
16 | [B<-out> I<filename>] |
17 | [B<-passout> I<arg>] | |
fc1d88f0 | 18 | [B<-aes128>] |
fc1d88f0 RS |
19 | [B<-aes192>] |
20 | [B<-aes256>] | |
d42d0a4d P |
21 | [B<-aria128>] |
22 | [B<-aria192>] | |
23 | [B<-aria256>] | |
fc1d88f0 RS |
24 | [B<-camellia128>] |
25 | [B<-camellia192>] | |
26 | [B<-camellia256>] | |
aba3e65f DSH |
27 | [B<-des>] |
28 | [B<-des3>] | |
29 | [B<-idea>] | |
2f0ea936 | 30 | [B<-f4>|B<-3>] |
e8769719 RS |
31 | [B<-engine> I<id>] |
32 | [B<-primes> I<num>] | |
c43fa566 | 33 | [B<-verbose>] |
9fcb9702 | 34 | {- $OpenSSL::safe::opt_r_synopsis -} |
aba3e65f DSH |
35 | [B<numbits>] |
36 | ||
9f3c076b | 37 | =for openssl ifdef engine |
1738c0ce | 38 | |
aba3e65f DSH |
39 | =head1 DESCRIPTION |
40 | ||
35a810bb | 41 | This command generates an RSA private key. |
aba3e65f DSH |
42 | |
43 | =head1 OPTIONS | |
44 | ||
45 | =over 4 | |
46 | ||
169394d4 MR |
47 | =item B<-help> |
48 | ||
49 | Print out a usage message. | |
50 | ||
e8769719 | 51 | =item B<-out> I<filename> |
f07fb9b2 | 52 | |
169394d4 MR |
53 | Output the key to the specified file. If this argument is not specified then |
54 | standard output is used. | |
f07fb9b2 | 55 | |
e8769719 | 56 | =item B<-passout> I<arg> |
f07fb9b2 | 57 | |
c4de074e | 58 | The output file password source. For more information about the format |
3a4e43de | 59 | see L<openssl(1)/Pass Phrase Options>. |
f07fb9b2 | 60 | |
dfee8626 | 61 | =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> |
aba3e65f | 62 | |
fc1d88f0 RS |
63 | These options encrypt the private key with specified |
64 | cipher before outputting it. If none of these options is | |
f07fb9b2 | 65 | specified no encryption is used. If encryption is used a pass phrase is prompted |
a3fe382e | 66 | for if it is not supplied via the B<-passout> argument. |
aba3e65f | 67 | |
e8769719 | 68 | =item B<-F4>|B<-3> |
aba3e65f | 69 | |
c4de074e | 70 | The public exponent to use, either 65537 or 3. The default is 65537. |
aba3e65f | 71 | |
e8769719 | 72 | =item B<-engine> I<id> |
bfa35550 | 73 | |
35a810bb | 74 | Specifying an engine (by its unique I<id> string) will cause this command |
bfa35550 RL |
75 | to attempt to obtain a functional reference to the specified engine, |
76 | thus initialising it if needed. The engine will then be set as the default | |
77 | for all available algorithms. | |
aba3e65f | 78 | |
e8769719 | 79 | =item B<-primes> I<num> |
665d899f | 80 | |
2f0ea936 | 81 | Specify the number of primes to use while generating the RSA key. The I<num> |
665d899f | 82 | parameter must be a positive integer that is greater than 1 and less than 16. |
2f0ea936 | 83 | If I<num> is greater than 2, then the generated key is called a 'multi-prime' |
665d899f PY |
84 | RSA key, which is defined in RFC 8017. |
85 | ||
c43fa566 PP |
86 | =item B<-verbose> |
87 | ||
88 | Print extra details about the operations being performed. | |
89 | ||
9fcb9702 RS |
90 | {- $OpenSSL::safe::opt_r_item -} |
91 | ||
aba3e65f DSH |
92 | =item B<numbits> |
93 | ||
c4de074e | 94 | The size of the private key to generate in bits. This must be the last option |
cac19d19 | 95 | specified. The default is 2048 and values less than 512 are not allowed. |
aba3e65f DSH |
96 | |
97 | =back | |
98 | ||
99 | =head1 NOTES | |
100 | ||
665d899f PY |
101 | RSA private key generation essentially involves the generation of two or more |
102 | prime numbers. When generating a private key various symbols will be output to | |
a3fe382e DSH |
103 | indicate the progress of the generation. A B<.> represents each number which |
104 | has passed an initial sieve test, B<+> means a number has passed a single | |
665d899f PY |
105 | round of the Miller-Rabin primality test, B<*> means the current prime starts |
106 | a regenerating progress due to some failed tests. A newline means that the number | |
107 | has passed all the prime tests (the actual number depends on the key size). | |
aba3e65f DSH |
108 | |
109 | Because key generation is a random process the time taken to generate a key | |
665d899f PY |
110 | may vary somewhat. But in general, more primes lead to less generation time |
111 | of a key. | |
aba3e65f | 112 | |
aba3e65f DSH |
113 | =head1 SEE ALSO |
114 | ||
b6b66573 DMSP |
115 | L<openssl(1)>, |
116 | L<openssl-gendsa(1)> | |
369782ac | 117 | |
e2f92610 RS |
118 | =head1 COPYRIGHT |
119 | ||
b6b66573 | 120 | Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. |
e2f92610 | 121 | |
449040b4 | 122 | Licensed under the Apache License 2.0 (the "License"). You may not use |
e2f92610 RS |
123 | this file except in compliance with the License. You can obtain a copy |
124 | in the file LICENSE in the source distribution or at | |
125 | L<https://www.openssl.org/source/license.html>. | |
126 | ||
127 | =cut |