1ebfedea0SLionel Sambuc=pod 2ebfedea0SLionel Sambuc 3ebfedea0SLionel Sambuc=head1 NAME 4ebfedea0SLionel Sambuc 5ebfedea0SLionel Sambucgenrsa - generate an RSA private key 6ebfedea0SLionel Sambuc 7ebfedea0SLionel Sambuc=head1 SYNOPSIS 8ebfedea0SLionel Sambuc 9ebfedea0SLionel SambucB<openssl> B<genrsa> 10ebfedea0SLionel Sambuc[B<-out filename>] 11ebfedea0SLionel Sambuc[B<-passout arg>] 12*0a6a1f1dSLionel Sambuc[B<-aes128>] 13*0a6a1f1dSLionel Sambuc[B<-aes128>] 14*0a6a1f1dSLionel Sambuc[B<-aes192>] 15*0a6a1f1dSLionel Sambuc[B<-aes256>] 16*0a6a1f1dSLionel Sambuc[B<-camellia128>] 17*0a6a1f1dSLionel Sambuc[B<-camellia192>] 18*0a6a1f1dSLionel Sambuc[B<-camellia256>] 19*0a6a1f1dSLionel Sambuc[B<-aes192>] 20*0a6a1f1dSLionel Sambuc[B<-aes256>] 21*0a6a1f1dSLionel Sambuc[B<-camellia128>] 22*0a6a1f1dSLionel Sambuc[B<-camellia192>] 23*0a6a1f1dSLionel Sambuc[B<-camellia256>] 24ebfedea0SLionel Sambuc[B<-des>] 25ebfedea0SLionel Sambuc[B<-des3>] 26ebfedea0SLionel Sambuc[B<-idea>] 27ebfedea0SLionel Sambuc[B<-f4>] 28ebfedea0SLionel Sambuc[B<-3>] 29ebfedea0SLionel Sambuc[B<-rand file(s)>] 30ebfedea0SLionel Sambuc[B<-engine id>] 31ebfedea0SLionel Sambuc[B<numbits>] 32ebfedea0SLionel Sambuc 33ebfedea0SLionel Sambuc=head1 DESCRIPTION 34ebfedea0SLionel Sambuc 35ebfedea0SLionel SambucThe B<genrsa> command generates an RSA private key. 36ebfedea0SLionel Sambuc 37ebfedea0SLionel Sambuc=head1 OPTIONS 38ebfedea0SLionel Sambuc 39ebfedea0SLionel Sambuc=over 4 40ebfedea0SLionel Sambuc 41ebfedea0SLionel Sambuc=item B<-out filename> 42ebfedea0SLionel Sambuc 43ebfedea0SLionel Sambucthe output filename. If this argument is not specified then standard output is 44ebfedea0SLionel Sambucused. 45ebfedea0SLionel Sambuc 46ebfedea0SLionel Sambuc=item B<-passout arg> 47ebfedea0SLionel Sambuc 48ebfedea0SLionel Sambucthe output file password source. For more information about the format of B<arg> 49ebfedea0SLionel Sambucsee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 50ebfedea0SLionel Sambuc 51*0a6a1f1dSLionel Sambuc=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> 52ebfedea0SLionel Sambuc 53*0a6a1f1dSLionel SambucThese options encrypt the private key with specified 54*0a6a1f1dSLionel Sambuccipher before outputting it. If none of these options is 55ebfedea0SLionel Sambucspecified no encryption is used. If encryption is used a pass phrase is prompted 56ebfedea0SLionel Sambucfor if it is not supplied via the B<-passout> argument. 57ebfedea0SLionel Sambuc 58ebfedea0SLionel Sambuc=item B<-F4|-3> 59ebfedea0SLionel Sambuc 60ebfedea0SLionel Sambucthe public exponent to use, either 65537 or 3. The default is 65537. 61ebfedea0SLionel Sambuc 62ebfedea0SLionel Sambuc=item B<-rand file(s)> 63ebfedea0SLionel Sambuc 64ebfedea0SLionel Sambuca file or files containing random data used to seed the random number 65ebfedea0SLionel Sambucgenerator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 66ebfedea0SLionel SambucMultiple files can be specified separated by a OS-dependent character. 67ebfedea0SLionel SambucThe separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 68ebfedea0SLionel Sambucall others. 69ebfedea0SLionel Sambuc 70ebfedea0SLionel Sambuc=item B<-engine id> 71ebfedea0SLionel Sambuc 72ebfedea0SLionel Sambucspecifying an engine (by its unique B<id> string) will cause B<genrsa> 73ebfedea0SLionel Sambucto attempt to obtain a functional reference to the specified engine, 74ebfedea0SLionel Sambucthus initialising it if needed. The engine will then be set as the default 75ebfedea0SLionel Sambucfor all available algorithms. 76ebfedea0SLionel Sambuc 77ebfedea0SLionel Sambuc=item B<numbits> 78ebfedea0SLionel Sambuc 79ebfedea0SLionel Sambucthe size of the private key to generate in bits. This must be the last option 80ebfedea0SLionel Sambucspecified. The default is 512. 81ebfedea0SLionel Sambuc 82ebfedea0SLionel Sambuc=back 83ebfedea0SLionel Sambuc 84ebfedea0SLionel Sambuc=head1 NOTES 85ebfedea0SLionel Sambuc 86ebfedea0SLionel SambucRSA private key generation essentially involves the generation of two prime 87ebfedea0SLionel Sambucnumbers. When generating a private key various symbols will be output to 88ebfedea0SLionel Sambucindicate the progress of the generation. A B<.> represents each number which 89ebfedea0SLionel Sambuchas passed an initial sieve test, B<+> means a number has passed a single 90ebfedea0SLionel Sambucround of the Miller-Rabin primality test. A newline means that the number has 91ebfedea0SLionel Sambucpassed all the prime tests (the actual number depends on the key size). 92ebfedea0SLionel Sambuc 93ebfedea0SLionel SambucBecause key generation is a random process the time taken to generate a key 94ebfedea0SLionel Sambucmay vary somewhat. 95ebfedea0SLionel Sambuc 96ebfedea0SLionel Sambuc=head1 BUGS 97ebfedea0SLionel Sambuc 98ebfedea0SLionel SambucA quirk of the prime generation algorithm is that it cannot generate small 99ebfedea0SLionel Sambucprimes. Therefore the number of bits should not be less that 64. For typical 100ebfedea0SLionel Sambucprivate keys this will not matter because for security reasons they will 101ebfedea0SLionel Sambucbe much larger (typically 1024 bits). 102ebfedea0SLionel Sambuc 103ebfedea0SLionel Sambuc=head1 SEE ALSO 104ebfedea0SLionel Sambuc 105ebfedea0SLionel SambucL<gendsa(1)|gendsa(1)> 106ebfedea0SLionel Sambuc 107ebfedea0SLionel Sambuc=cut 108ebfedea0SLionel Sambuc 109