-
Notifications
You must be signed in to change notification settings - Fork 23
/
Copy pathGenerating_Asymmetric_keys.txt
110 lines (73 loc) · 2.83 KB
/
Generating_Asymmetric_keys.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
Generating RSA keypair
--------------------------
# Generate RSA keys of various sizes
openssl genrsa
openssl genrsa 1024
openssl genrsa 4096
# Generate RSA private and store it to a file.
openssl genrsa -out key.pri
openssl genrsa > key.pri
# Generate a public key
openssl rsa -in key.pri -pubout
openssl rsa -in key.pri -pubout > key.pub
openssl rsa -in key.pri -pubout -out key.pub
# Examining RSA private key
openssl rsa -in key.pri -noout -text
# Examine RSA public key
openssl rsa -in key.pub -pubin -noout -text
# Converting PEM formatted keys to DER
openssl rsa -in key.pri -out key.pri.der -outform DER
# examining DER formatted private key
openssl rsa -in key.pri.der -inform DER -noout -text
# Generating encrypted private key file.
openssl genrsa -aes-256-cbc -out rsa.pri 2048
Generate DSA keys
------------------
# Generate DSA parameter file
openssl dsaparam -out dsa.param 2048
# Generate DSA keypair
openssl gendsa -out dsa.pri dsa.param
# Generating DSA public key
openssl dsa -in dsa.pri -pubout
openssl dsa -in dsa.pri -pubout > dsa.pub
openssl dsa -in dsa.pri -pubout -out dsa.pub
# Examining DSA
openssl dsa -in dsa.pri -noout -text
# Generating Encrypted private key
openssl gendsa -des-ede3-cbc -out dsa.pri dsa.param
Generate ECDSA keys
---------------------
# Get the list of all supported curves
openssl ecparam -list_curves
# Generate ecparam files
openssl ecparam -name sect571r1 -out ecdsa.param
# Generate ecdsa private key
openssl ecparam -genkey -in ecdsa.param -noout -out ecdsa.pri
# Generate ecdsa private key without using param files.
openssl ecparam -genkey -name sect571r1 -noout -out ecdsa.pri
# Generating ecdsa public key
openssl ec -in ecdsa.pri -pubout > ecdsa.pub
openssl ec -in ecdsa.pri -pubout -out ecdsa.pub
# Examining ecdsa private key.
openssl ec -in ecdsa.pri -noout -text
# Examining ecdsa public key.
openssl ec -in ecdsa.pub -pubin -noout -text
# Generating encrypted private key.
openssl ec -in ecdsa.pri -out ecdsa.prienc -aes-256-cbc
openssl ecparam -name sect571r1 -genkey | openssl ec -aes-256-cbc -out ecdsa.pri
Alternate ways to generate private keys
-----------------------------------------
# Generate RSA key
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:17 -out rsa.pri
# Examining RSA private key
openssl pkey -in rsa.pri -noout -text
# Generate RSA Public key
openssl pkey -in rsa.pri -pubout -out rsa.pub
# Generate ECDSA key
openssl genpkey -algorithm ec -pkeyopt ec_paramgen_curve:sect571r1 -aes-256-cbc -out ecdsa.pri
# Generate ECDSA public key
openssl pkey -in ecdsa.pri -pubout -out ecdsa.pub
# Generating EDDSA key
openssl genpkey -algorithm ED25519 -out eddsa.pri
# Examining EDDSA key
openssl pkey -in eddsa.pri -noout -text