=pod =head1 NAME openssl-rsa, rsa - RSA key processing tool =head1 SYNOPSIS B B [B<-help>] [B<-inform PEM|DER>] [B<-outform PEM|DER>] [B<-in filename>] [B<-passin arg>] [B<-out filename>] [B<-passout arg>] [B<-aes128>] [B<-aes192>] [B<-aes256>] [B<-aria128>] [B<-aria192>] [B<-aria256>] [B<-camellia128>] [B<-camellia192>] [B<-camellia256>] [B<-des>] [B<-des3>] [B<-idea>] [B<-text>] [B<-noout>] [B<-modulus>] [B<-check>] [B<-pubin>] [B<-pubout>] [B<-RSAPublicKey_in>] [B<-RSAPublicKey_out>] [B<-engine id>] =head1 DESCRIPTION The B command processes RSA keys. They can be converted between various forms and their components printed out. B this command uses the traditional SSLeay compatible format for private key encryption: newer applications should use the more secure PKCS#8 format using the B utility. =head1 OPTIONS =over 4 =item B<-help> Print out a usage message. =item B<-inform DER|PEM> This specifies the input format. The B option uses an ASN1 DER encoded form compatible with the PKCS#1 RSAPrivateKey or SubjectPublicKeyInfo format. The B form is the default format: it consists of the B format base64 encoded with additional header and footer lines. On input PKCS#8 format private keys are also accepted. =item B<-outform DER|PEM> This specifies the output format, the options have the same meaning and default as the B<-inform> option. =item B<-in filename> This specifies the input filename to read a key from or standard input if this option is not specified. If the key is encrypted a pass phrase will be prompted for. =item B<-passin arg> The input file password source. For more information about the format of B see L. =item B<-out filename> This specifies the output filename to write a key to or standard output if this option is not specified. If any encryption options are set then a pass phrase will be prompted for. The output filename should B be the same as the input filename. =item B<-passout password> The output file password source. For more information about the format of B see L. =item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea> These options encrypt the private key with the specified cipher before outputting it. A pass phrase is prompted for. If none of these options is specified the key is written in plain text. This means that using the B utility to read in an encrypted key with no encryption option can be used to remove the pass phrase from a key, or by setting the encryption options it can be use to add or change the pass phrase. These options can only be used with PEM format output files. =item B<-text> Prints out the various public or private key components in plain text in addition to the encoded version. =item B<-noout> This option prevents output of the encoded version of the key. =item B<-modulus> This option prints out the value of the modulus of the key. =item B<-check> This option checks the consistency of an RSA private key. =item B<-pubin> By default a private key is read from the input file: with this option a public key is read instead. =item B<-pubout> By default a private key is output: with this option a public key will be output instead. This option is automatically set if the input is a public key. =item B<-RSAPublicKey_in>, B<-RSAPublicKey_out> Like B<-pubin> and B<-pubout> except B format is used instead. =item B<-engine id> Specifying an engine (by its unique B string) will cause B to attempt to obtain a functional reference to the specified engine, thus initialising it if needed. The engine will then be set as the default for all available algorithms. =back =head1 NOTES The PEM private key format uses the header and footer lines: -----BEGIN RSA PRIVATE KEY----- -----END RSA PRIVATE KEY----- The PEM public key format uses the header and footer lines: -----BEGIN PUBLIC KEY----- -----END PUBLIC KEY----- The PEM B format uses the header and footer lines: -----BEGIN RSA PUBLIC KEY----- -----END RSA PUBLIC KEY----- =head1 EXAMPLES To remove the pass phrase on an RSA private key: openssl rsa -in key.pem -out keyout.pem To encrypt a private key using triple DES: openssl rsa -in key.pem -des3 -out keyout.pem To convert a private key from PEM to DER format: openssl rsa -in key.pem -outform DER -out keyout.der To print out the components of a private key to standard output: openssl rsa -in key.pem -text -noout To just output the public part of a private key: openssl rsa -in key.pem -pubout -out pubkey.pem Output the public part of a private key in B format: openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem =head1 BUGS There should be an option that automatically handles .key files, without having to manually edit them. =head1 SEE ALSO L, L, L, L =head1 COPYRIGHT Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. Licensed under the OpenSSL license (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at L. =cut