RSA key pair generation
RSA key pair generation is the process of creating a public and private key set used within asymmetric cryptography. The openssl toolkit is commonly used to generate these keys, typically with a key size of 2048 bits^[600-developer-tools-security-ca.md].
Key Generation
The fundamental operation uses genrsa to generate an RSA private key^[600-developer-tools-security-ca.md].
Unencrypted Private Key
To generate a 2048-bit key without password protection, the following command is used^[600-developer-tools-security-ca.md]:
```shell
openssl genrsa -out ca.key 2048
```
The resulting file (ca.key) contains the RSA private key encoded in Base64 (PEM format), enclosed between the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- lines^[600-developer-tools-security-ca.md].
Encrypted Private Key (DES3)
To secure the private key with a password, the -des3 flag is added^[600-developer-tools-security-ca.md]. This encrypts the key using DES-EDE3-CBC^[600-developer-tools-security-ca.md].
```shell
openssl genrsa -des3 -out ca-des3.key 2048
```
When this command is executed, openssl prompts the user to enter and verify a pass phrase^[600-developer-tools-security-ca.md]. The resulting key file includes a Proc-Type: 4,ENCRYPTED header, indicating that the content is encrypted^[600-developer-tools-security-ca.md].
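The PEM armor lines and the Proc-Type: 4,ENCRYPTED header described above are enough to audit how a private key is stored without parsing any key material. The script below is an added example, not part of the original page: classify_key_pem, audit_keys and write_sample are hypothetical helper names and the sample files are constructed placeholders. It goes beyond the page by also recognising the PKCS#8 labels (BEGIN PRIVATE KEY, BEGIN ENCRYPTED PRIVATE KEY) that OpenSSL 3.0 and later use by default for genrsa output.

```shell
# Added example: classify PEM private key files by their armor lines.

classify_key_pem() {
    # $1 = path to a PEM file; prints one classification word.
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    begin=$(sed -n '/^-----BEGIN .*-----/{p;q;}' "$1" | tr -d '\r')
    case "$begin" in
        '-----BEGIN RSA PRIVATE KEY-----')
            # Traditional format: encryption is announced by Proc-Type/DEK-Info.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                cipher=$(sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$1" | head -n 1)
                echo "traditional-encrypted:${cipher:-unknown}"
            else
                echo "traditional-plaintext"
            fi ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo "pkcs8-encrypted" ;;
        '-----BEGIN PRIVATE KEY-----')           echo "pkcs8-plaintext" ;;
        *)                                       echo "not-a-private-key" ;;
    esac
}

audit_keys() {
    # Prints "<class> <path>" per file; returns 1 if any key is unencrypted.
    rc=0
    for f in "$@"; do
        class=$(classify_key_pem "$f")
        echo "$class $f"
        case "$class" in *-plaintext) rc=1 ;; esac
    done
    return "$rc"
}

write_sample() {
    # Constructed sample (no key material). $1 = path, $2 = PEM label, $3 = headers.
    {
        printf '%s\n' "-----BEGIN $2-----"
        if [ -n "${3:-}" ]; then printf '%s\n\n' "$3"; fi
        printf '%s\n' "PLACEHOLDER-NOT-A-REAL-KEY"
        printf '%s\n' "-----END $2-----"
    } > "$1"
}

dir=$(mktemp -d)
hdr='Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000'   # constructed IV value
write_sample "$dir/ca.key" 'RSA PRIVATE KEY'
write_sample "$dir/ca-des3.key" 'RSA PRIVATE KEY' "$hdr"
audit_keys "$dir/ca.key" "$dir/ca-des3.key" || echo "plaintext private key found"
rm -rf "$dir"
```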
Key Components
The generated private key file includes mathematical values essential for the RSA algorithm^[600-developer-tools-security-ca.md]:
- Modulus: The product of two prime numbers.
- Public Exponent: Typically 65537 (0x010001)^[600-developer-tools-security-ca.md].
Related Concepts
- OpenSSL
- [[X.509]]
- [[HTTPS]]
Sources
^[600-developer-tools-security-ca.md]