xref: /freebsd/crypto/openssl/doc/man1/openssl-genrsa.pod.in (revision aa7957345732816fb0ba8308798d2f79f45597f9) 
1b077aed3SPierre Pronchery=pod
2b077aed3SPierre Pronchery{- OpenSSL::safe::output_do_not_edit_headers(); -}
3b077aed3SPierre Pronchery
4b077aed3SPierre Pronchery=head1 NAME
5b077aed3SPierre Pronchery
6b077aed3SPierre Proncheryopenssl-genrsa - generate an RSA private key
7b077aed3SPierre Pronchery
8b077aed3SPierre Pronchery=head1 SYNOPSIS
9b077aed3SPierre Pronchery
10b077aed3SPierre ProncheryB<openssl> B<genrsa>
11b077aed3SPierre Pronchery[B<-help>]
12b077aed3SPierre Pronchery[B<-out> I<filename>]
13b077aed3SPierre Pronchery[B<-passout> I<arg>]
14b077aed3SPierre Pronchery[B<-aes128>]
15b077aed3SPierre Pronchery[B<-aes192>]
16b077aed3SPierre Pronchery[B<-aes256>]
17b077aed3SPierre Pronchery[B<-aria128>]
18b077aed3SPierre Pronchery[B<-aria192>]
19b077aed3SPierre Pronchery[B<-aria256>]
20b077aed3SPierre Pronchery[B<-camellia128>]
21b077aed3SPierre Pronchery[B<-camellia192>]
22b077aed3SPierre Pronchery[B<-camellia256>]
23b077aed3SPierre Pronchery[B<-des>]
24b077aed3SPierre Pronchery[B<-des3>]
25b077aed3SPierre Pronchery[B<-idea>]
26b077aed3SPierre Pronchery[B<-F4>]
27b077aed3SPierre Pronchery[B<-f4>]
28b077aed3SPierre Pronchery[B<-3>]
29b077aed3SPierre Pronchery[B<-primes> I<num>]
30b077aed3SPierre Pronchery[B<-verbose>]
31b077aed3SPierre Pronchery[B<-traditional>]
32b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_r_synopsis -}
33b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
34b077aed3SPierre Pronchery[B<numbits>]
35b077aed3SPierre Pronchery
36b077aed3SPierre Pronchery=head1 DESCRIPTION
37b077aed3SPierre Pronchery
38b077aed3SPierre ProncheryThis command generates an RSA private key.
39b077aed3SPierre Pronchery
40b077aed3SPierre Pronchery=head1 OPTIONS
41b077aed3SPierre Pronchery
42b077aed3SPierre Pronchery=over 4
43b077aed3SPierre Pronchery
44b077aed3SPierre Pronchery=item B<-help>
45b077aed3SPierre Pronchery
46b077aed3SPierre ProncheryPrint out a usage message.
47b077aed3SPierre Pronchery
48b077aed3SPierre Pronchery=item B<-out> I<filename>
49b077aed3SPierre Pronchery
50b077aed3SPierre ProncheryOutput the key to the specified file. If this argument is not specified then
51b077aed3SPierre Proncherystandard output is used.
52b077aed3SPierre Pronchery
53b077aed3SPierre Pronchery=item B<-passout> I<arg>
54b077aed3SPierre Pronchery
55b077aed3SPierre ProncheryThe output file password source. For more information about the format
56b077aed3SPierre Proncherysee L<openssl-passphrase-options(1)>.
57b077aed3SPierre Pronchery
58b077aed3SPierre Pronchery=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
59b077aed3SPierre Pronchery
60b077aed3SPierre ProncheryThese options encrypt the private key with specified
61b077aed3SPierre Proncherycipher before outputting it. If none of these options is
62b077aed3SPierre Proncheryspecified no encryption is used. If encryption is used a pass phrase is prompted
63b077aed3SPierre Proncheryfor if it is not supplied via the B<-passout> argument.
64b077aed3SPierre Pronchery
65b077aed3SPierre Pronchery=item B<-F4>, B<-f4>, B<-3>
66b077aed3SPierre Pronchery
67b077aed3SPierre ProncheryThe public exponent to use, either 65537 or 3. The default is 65537.
68b077aed3SPierre ProncheryThe B<-3> option has been deprecated.
69b077aed3SPierre Pronchery
70b077aed3SPierre Pronchery=item B<-primes> I<num>
71b077aed3SPierre Pronchery
72b077aed3SPierre ProncherySpecify the number of primes to use while generating the RSA key. The I<num>
73b077aed3SPierre Proncheryparameter must be a positive integer that is greater than 1 and less than 16.
74b077aed3SPierre ProncheryIf I<num> is greater than 2, then the generated key is called a 'multi-prime'
75b077aed3SPierre ProncheryRSA key, which is defined in RFC 8017.
76b077aed3SPierre Pronchery
77b077aed3SPierre Pronchery=item B<-verbose>
78b077aed3SPierre Pronchery
79b077aed3SPierre ProncheryPrint extra details about the operations being performed.
80b077aed3SPierre Pronchery
81b077aed3SPierre Pronchery=item B<-traditional>
82b077aed3SPierre Pronchery
83b077aed3SPierre ProncheryWrite the key using the traditional PKCS#1 format instead of the PKCS#8 format.
84b077aed3SPierre Pronchery
85b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_r_item -}
86b077aed3SPierre Pronchery
87b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_engine_item -}
88b077aed3SPierre Pronchery
89b077aed3SPierre Pronchery{- $OpenSSL::safe::opt_provider_item -}
90b077aed3SPierre Pronchery
91b077aed3SPierre Pronchery=item B<numbits>
92b077aed3SPierre Pronchery
93b077aed3SPierre ProncheryThe size of the private key to generate in bits. This must be the last option
94b077aed3SPierre Proncheryspecified. The default is 2048 and values less than 512 are not allowed.
95b077aed3SPierre Pronchery
96b077aed3SPierre Pronchery=back
97b077aed3SPierre Pronchery
98b077aed3SPierre Pronchery=head1 NOTES
99b077aed3SPierre Pronchery
100b077aed3SPierre ProncheryRSA private key generation essentially involves the generation of two or more
101b077aed3SPierre Proncheryprime numbers. When generating a private key various symbols will be output to
102b077aed3SPierre Proncheryindicate the progress of the generation. A B<.> represents each number which
103b077aed3SPierre Proncheryhas passed an initial sieve test, B<+> means a number has passed a single
104b077aed3SPierre Proncheryround of the Miller-Rabin primality test, B<*> means the current prime starts
105b077aed3SPierre Proncherya regenerating progress due to some failed tests. A newline means that the number
106b077aed3SPierre Proncheryhas passed all the prime tests (the actual number depends on the key size).
107b077aed3SPierre Pronchery
108b077aed3SPierre ProncheryBecause key generation is a random process the time taken to generate a key
109b077aed3SPierre Proncherymay vary somewhat. But in general, more primes lead to less generation time
110b077aed3SPierre Proncheryof a key.
111b077aed3SPierre Pronchery
112b077aed3SPierre Pronchery=head1 SEE ALSO
113b077aed3SPierre Pronchery
114b077aed3SPierre ProncheryL<openssl(1)>,
115b077aed3SPierre ProncheryL<openssl-genpkey(1)>,
116b077aed3SPierre ProncheryL<openssl-gendsa(1)>
117b077aed3SPierre Pronchery
118b077aed3SPierre Pronchery=head1 COPYRIGHT
119b077aed3SPierre Pronchery
120*aa795734SPierre ProncheryCopyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
121b077aed3SPierre Pronchery
122b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
123b077aed3SPierre Proncherythis file except in compliance with the License.  You can obtain a copy
124b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at
125b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>.
126b077aed3SPierre Pronchery
127b077aed3SPierre Pronchery=cut
128