introduce
openssl genrsa is used to generate the rsa private key file, which can specify the private key length and password protection.
grammar
openssl genrsa[-out filename] [-passout arg] [-des] [-des3] [-idea] [-f4] [-3] [-rand file(s)] [-engine id] [numbits]
General use
- E:\OpenSSL\foo>openssl genrsa -out rsa_pri.pme
- Loading 'screen' into random state - done
- Generating RSA private key, 512 bit long modulus
- .++++++++++++
- ...............++++++++++++
- e is 65537 (0x10001)
As can be seen from the output, the key length is 512bit. We can also specify the key length. The longer the key length, the more secure it is, but the time it takes to encrypt and decrypt using the key will also be longer. Asymmetric keys improve security, but also bring a lot of time spent by algorithms. Asymmetric keys do not encrypt large blocks of data, and the application field is digital signature, key distribution and other small data encryption.
numbits key length (unit: bit)
- openssl genrsa -out rsa_pri.pem 1024
-passout arg
applies password protection to the generated rsa private key file, for example: use the idea algorithm to password protect the private key file.
- openssl genrsa -idea -passout pass:123 -out rsa_pri.pem
-F4 / -3 index (I don't know, what is in the algorithm), the default is 65537, such as the last sentence output in the above example, e is 65537 (0x10001)
- E:\OpenSSL\foo>openssl genrsa -3 -out rsa_pri.pem 2000
- Loading 'screen' into random state - done
- Generating RSA private key, 2000 bit long modulus
- ......................+++
- .............+++
- e is 3 (0x3)