Management of an RSA Private Key in PEM format (OpenSSH)

About

This article is about the management of an RSA private key with OpenSSH (i.e. in PEM format).

Command

Creation

For a PEM private key (the OpenSSH format), use the genrsa utility to create an RSA private key.

The command below creates a:

openssl \
  genrsa \
  -des3 `# encrypt the key with DES in ede cbc mode (168 bit key)` \
  -out private-key.pem `# the key file` \
  -passout file:passphrase.txt `# the passphrase is in the file` \
  4096 `# number of bits, defaults to 2048`

Output Example:

Generating RSA private key, 4096 bit long modulus (2 primes)
.................................++++
.........................................................................++++
e is 65537 (0x010001)

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,B03FF7BC9D49E89C
..............
.............
-----END RSA PRIVATE KEY-----

Info

With the openssl rsa module:

openssl rsa -in pkcs8.pem -text -noout

Delete Passphrase

cp server.key.pem server.key_with_pwd.pem
openssl rsa -in server.key_with_pwd.pem -out server.key.pem -passin file:pass.txt

Create a public key from the private key

Create a public key

openssl rsa -in key.pem -pubout -out pubkey.pem

Convert from PEM to pkcs8 base64 PEM

Convert a private key to unencrypted PKCS#8 format with openssl pkcs8:

openssl pkcs8 -in key.pem -topk8 -nocrypt -out enckey.pem

Convert from PEM to pkcs12

openssl pkcs12 -export -nocerts -inkey pkcs8.pem -out pkcs12.p12
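
A check to run after the passphrase removal and PKCS#8 conversion steps above: the script below (an added example, not part of the original article) reads the PEM armor and the Proc-Type/DEK-Info headers shown in the output example and reports whether a key file is stored encrypted or in plaintext. It covers both the traditional and PKCS#8 armors because OpenSSL 3.x writes PKCS#8 by default unless -traditional is given. The function name pem_key_state, the file names and the dummy key bodies are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original page. pem_key_state and the sample
# file names are assumptions made for illustration.

# Print how the key in PEM file $1 is stored.
# Return 0 = encrypted private key or public key, 1 = plaintext private key,
# 2 = unreadable or unrecognised.
pem_key_state() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    # The first BEGIN line names the container format.
    begin=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$f" | head -n 1)
    case $begin in
        "RSA PRIVATE KEY")
            # Traditional format: encryption is declared in the PEM headers.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                cipher=$(sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$f" | head -n 1)
                echo "traditional encrypted ${cipher:-unknown}"
            else
                echo "traditional plaintext"; return 1
            fi ;;
        "ENCRYPTED PRIVATE KEY") echo "pkcs8 encrypted" ;;
        "PRIVATE KEY")           echo "pkcs8 plaintext"; return 1 ;;
        "PUBLIC KEY")            echo "public" ;;
        *)                       echo "unrecognised"; return 2 ;;
    esac
}

# Constructed samples: only the armor and headers matter, bodies are dummies.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
mk() { name=$1; shift; printf '%s\n' "$@" > "$tmp/$name"; }
mk enc.pem   '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
             'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'AAAA' \
             '-----END RSA PRIVATE KEY-----'
mk plain.pem '-----BEGIN RSA PRIVATE KEY-----' 'AAAA' '-----END RSA PRIVATE KEY-----'
mk p8.pem    '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----'
mk p8enc.pem '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'AAAA' \
             '-----END ENCRYPTED PRIVATE KEY-----'
mk pub.pem   '-----BEGIN PUBLIC KEY-----' 'AAAA' '-----END PUBLIC KEY-----'

for f in "$tmp"/*.pem; do
    state=$(pem_key_state "$f") || true
    printf '%s: %s\n' "${f##*/}" "$state"
done
```

A return status of 1 marks a private key stored without a passphrase, so the function can gate a deployment or backup script.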