Create RSA and DSA Keys with OpenSSL

In this post, we will cover how to create an RSA private key, an RSA public key, a DSA private key and a DSA public key with OpenSSL.


Create RSA Private Key with PEM format


RSA private key generation with OpenSSL involves just one step:


  • openssl genrsa -out rsaprivkey.pem 2048



This command generates a PEM-encoded private key and stores it in the file rsaprivkey.pem. This example creates a 2048-bit key, which should work for nearly any purpose. The resulting private key should be kept secret and is used to sign and decrypt data.



Create RSA Public Key with PEM format


Extract the public key from the private key, which can be used in a certificate:

  • openssl rsa -in rsaprivkey.pem -outform PEM -pubout -out public.pem


Create RSA Public Private Key with DER format


Some implementations, particularly Java-based ones, may require DER or PKCS#8 format, which can be generated with the following additional steps:


  1. openssl rsa -in rsaprivkey.pem -pubout -outform DER -out rsapubkey.der

  2. openssl pkcs8 -topk8 -inform PEM -outform DER -in rsaprivkey.pem -out rsaprivkey.der -nocrypt



Step 1 generates the public key in DER format.

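Step 2 converts the private key to PKCS#8 in DER format. Because of -nocrypt, rsaprivkey.der is written without passphrase encryption, so it should be protected with file permissions. Once generated, we can use these keys (rsapubkey.der and rsaprivkey.der).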
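
The RSA steps above combined into one script, as an added example that is not part of the original post: it runs the same commands under a restrictive umask, then checks that the DER public key really belongs to the PKCS#8 private key and that a signature round trip succeeds. The function name make_rsa_keys, its exit codes and the scratch file names (check.der, msg.txt, msg.sig) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). make_rsa_keys is a hypothetical
# helper name. The body runs in a subshell so umask and cd do not leak out.
make_rsa_keys() (
    dir=$1
    umask 077    # every file created below is readable by the owner only
    mkdir -p "$dir" && cd "$dir" || exit 1

    # The three commands from the post: PEM private key, DER public key,
    # unencrypted PKCS#8 DER private key.
    openssl genrsa -out rsaprivkey.pem 2048 2>/dev/null || exit 1
    openssl rsa -in rsaprivkey.pem -pubout -outform DER \
        -out rsapubkey.der 2>/dev/null || exit 1
    openssl pkcs8 -topk8 -inform PEM -outform DER -in rsaprivkey.pem \
        -out rsaprivkey.der -nocrypt || exit 1

    # Check 1: the private key is internally consistent.
    openssl rsa -in rsaprivkey.pem -check -noout >/dev/null 2>&1 || exit 2

    # Check 2: the public key re-derived from the PKCS#8 DER file is
    # byte-identical to rsapubkey.der, so the pair belongs together.
    openssl pkey -inform DER -in rsaprivkey.der -pubout -outform DER \
        -out check.der || exit 3
    cmp -s check.der rsapubkey.der || exit 3

    # Check 3: sign a constructed message with the DER private key and
    # verify the signature with the DER public key.
    printf 'constructed test message\n' > msg.txt
    openssl dgst -sha256 -sign rsaprivkey.der -keyform DER \
        -out msg.sig msg.txt || exit 4
    openssl dgst -sha256 -verify rsapubkey.der -keyform DER \
        -signature msg.sig msg.txt >/dev/null || exit 4

    rm -f check.der msg.txt msg.sig    # remove scratch files
)

# Stand-alone use: sh script.sh ./keys
if [ -n "${1:-}" ]; then
    make_rsa_keys "$1"
fi
```

A non-zero exit status identifies the failed stage: 1 for key generation or conversion, 2 for the consistency check, 3 for a public/private mismatch, 4 for the signature round trip.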






Create a DSA Private Key with PEM format

DSA key generation involves two steps:


  • openssl dsaparam -out dsaparam.pem 2048

  • openssl gendsa -out dsaprivkey.pem dsaparam.pem


The first step creates a DSA parameter file, dsaparam.pem, which in this case instructs OpenSSL to create a 2048-bit key in Step 2. The dsaparam.pem file is not itself a key, and can be discarded after the public and private keys are created.


The second step actually creates the private key in the file dsaprivkey.pem which should be kept secret.


Create a DSA Public Private Key with DER format


To export the key into a DER (binary) format we can use the following steps:


  • openssl dsa -in dsaprivkey.pem -outform DER -pubout -out dsapubkey.der

  • openssl pkcs8 -topk8 -inform PEM -outform DER -in dsaprivkey.pem -out dsaprivkey.der -nocrypt


Step 1 extracts the public key into a DER format.


Step 2 converts the private key into PKCS#8 in DER format. Once we've done this, we can use this public (dsapubkey.der) and private (dsaprivkey.der) key pair.


