OpenSSL Release Notes (5900-1560, August 2011)
Table 9 The Openssl command-line options
DescriptionOption Name
CA managementca
CRL managementcrl
Message digest calculationdgst
DSA data managementdsa
Encoding with ciphersenc
Generation of DSA parametersgendsa
Generation of RSA parametersgenrsa
X.509 Certificate Signing Request (CSR) managementreq
RSA data managementrsa
X.509 certificate verificationverify
X.509 certificate data managementx509
For more information on openssl command-line options, refer to openssl(1).
Using Openssl
This section explains the use of the openssl command-line tool with examples. For more
information, refer to the openssl(1) manpage.
Creating an RSA key
Following is the syntax to create an RSA public and private key pair:
# openssl genrsa -out <filename> <bits>
Where:
<bits> Specifies the size of the key.
<filename> Specifies the file name where the key must be stored.
To create an RSA public and private key pair, use the following command:
# openssl genrsa -out <filename> <bits>
Where:
<bits> Specifies the size of the key.
<filename> Specifies the file name for storing the key pair.
For example: # openssl genrsa -out key.pem 1024
This command creates a 1024-bit key pair and stores it in the file key.pem. The <bits> parameter
is optional. The default key size is 512 bits.
Creating a password-protected RSA key pair
Following is the syntax to create a password-protected private RSA key pair:
# openssl genrsa -<encryption-algorithm> -out <filename> <bits>
Where:
<encryption-algorithm> specifies the algorithm to be used for encrypting the private
key (using a password supplied by the user).
<filename> specifies the file name for storing the key pair.
<bits> specifies the key size.
For example: # openssl genrsa -des3 -out key.pem 1024.
18 OpenSSL A.00.09.08q.001, A.00.09.08q.002, and A.00.09.08q.003