openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
-pubout
flag is really important. Be sure to include it.public.pem
and ensure that it starts with-----BEGIN PUBLIC KEY-----
. This is how you know that this file is thepublic key of the pair and not a private key.less
command, like this:less public.pem
openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM
-pubout
was dropped from the end of the command.That changes the meaning of the command from that of exporting the public keyto exporting the private key outside of its encrypted wrapper. Inspecting theoutput file, in this case private_unencrypted.pem
clearly shows that the keyis a RSA private key as it starts with -----BEGIN RSA PRIVATE KEY-----
.-----BEGIN RSA PRIVATE KEY-----
or -----BEGIN PUBLIC KEY-----
.less private.pem
to verify that it starts with a -----BEGIN RSA PRIVATE KEY-----
less public.pem
to verify that it starts with a -----BEGIN PUBLIC KEY-----
genpkey
, though some algorithms (e.g. RSA
) have their own tool (e.g. genrsa
).This is deliberate. In further development, these commands could be abstracted as a single common certificate generation facility. Samsung network lock control key generator.RSA certificates
.The main difference is the private key generation.RSA certificates
.The only difference is the public key algorithm, of course rsa-pss here.RSA certificates
.The main difference is that it needs to generate key parameters before generating key.