5 genrsa - generate an RSA private key
22 The B<genrsa> command generates an RSA private key.
28 =item B<-out filename>
30 the output filename. If this argument is not specified then standard output is
35 the output file password source. For more information about the format of B<arg>
36 see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>.
38 =item B<-des|-des3|-idea>
40 These options encrypt the private key with the DES, triple DES, or the
41 IDEA ciphers respectively before outputting it. If none of these options is
42 specified no encryption is used. If encryption is used a pass phrase is prompted
43 for if it is not supplied via the B<-passout> argument.
47 the public exponent to use, either 65537 or 3. The default is 65537.
49 =item B<-rand file(s)>
51 a file or files containing random data used to seed the random number
52 generator. Multiple files can be specified separated by a OS-dependent
53 character. For MS-Windows, the separator is B<;>. For OpenVMS, it's
54 B<,>. For all others, it's B<:>.
58 the size of the private key to generate in bits. This must be the last option
59 specified. The default is 512.
65 RSA private key generation essentially involves the generation of two prime
66 numbers. When generating a private key various symbols will be output to
67 indicate the progress of the generation. A B<.> represents each number which
68 has passed an initial sieve test, B<+> means a number has passed a single
69 round of the Miller-Rabin primality test. A newline means that the number has
70 passed all the prime tests (the actual number depends on the key size).
72 Because key generation is a random process the time taken to generate a key
77 A quirk of the prime generation algorithm is that it cannot generate small
78 primes. Therefore the number of bits should not be less that 64. For typical
79 private keys this will not matter because for security reasons they will
80 be much larger (typically 1024 bits).
84 L<gendsa(1)|gendsa(1)>
projects / openssl.git / blob