123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509 |
- =pod
- =begin comment
- {- join("\n", @autowarntext) -}
- =end comment
- =head1 NAME
- openssl-genpkey - generate a private key
- =head1 SYNOPSIS
- B<openssl> B<genpkey>
- [B<-help>]
- [B<-out> I<filename>]
- [B<-outform> B<DER>|B<PEM>]
- [B<-verbose>]
- [B<-quiet>]
- [B<-pass> I<arg>]
- [B<-I<cipher>>]
- [B<-paramfile> I<file>]
- [B<-algorithm> I<alg>]
- [B<-pkeyopt> I<opt>:I<value>]
- [B<-genparam>]
- [B<-text>]
- {- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
- {- $OpenSSL::safe::opt_config_synopsis -}
- =head1 DESCRIPTION
- This command generates a private key.
- =head1 OPTIONS
- =over 4
- =item B<-help>
- Print out a usage message.
- =item B<-out> I<filename>
- Output the key to the specified file. If this argument is not specified then
- standard output is used.
- =item B<-outform> B<DER>|B<PEM>
- The output format, except when B<-genparam> is given; the default is B<PEM>.
- See L<openssl-format-options(1)> for details.
- When B<-genparam> is given, B<-outform> is ignored.
- =item B<-verbose>
- Output "status dots" while generating keys.
- =item B<-quiet>
- Do not output "status dots" while generating keys.
- =item B<-pass> I<arg>
- The output file password source. For more information about the format of I<arg>
- see L<openssl-passphrase-options(1)>.
- =item B<-I<cipher>>
- This option encrypts the private key with the supplied cipher. Any algorithm
- name accepted by EVP_get_cipherbyname() is acceptable such as B<des3>.
- =item B<-algorithm> I<alg>
- Public key algorithm to use such as RSA, DSA, DH or DHX. If used this option must
- precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
- are mutually exclusive. Engines may add algorithms in addition to the standard
- built-in ones.
- Valid built-in algorithm names for private key generation are RSA, RSA-PSS, EC,
- X25519, X448, ED25519 and ED448.
- Valid built-in algorithm names for parameter generation (see the B<-genparam>
- option) are DH, DSA and EC.
- Note that the algorithm name X9.42 DH may be used as a synonym for DHX keys and
- PKCS#3 refers to DH Keys. Some options are not shared between DH and DHX keys.
- =item B<-pkeyopt> I<opt>:I<value>
- Set the public key algorithm option I<opt> to I<value>. The precise set of
- options supported depends on the public key algorithm used and its
- implementation. See L</KEY GENERATION OPTIONS> and
- L</PARAMETER GENERATION OPTIONS> below for more details.
- =item B<-genparam>
- Generate a set of parameters instead of a private key. If used this option must
- precede any B<-algorithm>, B<-paramfile> or B<-pkeyopt> options.
- =item B<-paramfile> I<filename>
- Some public key algorithms generate a private key based on a set of parameters.
- They can be supplied using this option. If this option is used the public key
- algorithm used is determined by the parameters. If used this option must
- precede any B<-pkeyopt> options. The options B<-paramfile> and B<-algorithm>
- are mutually exclusive.
- =item B<-text>
- Print an (unencrypted) text representation of private and public keys and
- parameters along with the PEM or DER structure.
- {- $OpenSSL::safe::opt_engine_item -}
- {- $OpenSSL::safe::opt_provider_item -}
- {- $OpenSSL::safe::opt_config_item -}
- =back
- =head1 KEY GENERATION OPTIONS
- The options supported by each algorithm and indeed each implementation of an
- algorithm can vary. The options for the OpenSSL implementations are detailed
- below. There are no key generation options defined for the X25519, X448, ED25519
- or ED448 algorithms.
- =head2 RSA Key Generation Options
- =over 4
- =item B<rsa_keygen_bits:numbits>
- The number of bits in the generated key. If not specified 2048 is used.
- =item B<rsa_keygen_primes:numprimes>
- The number of primes in the generated key. If not specified 2 is used.
- =item B<rsa_keygen_pubexp:value>
- The RSA public exponent value. This can be a large decimal or
- hexadecimal value if preceded by C<0x>. Default value is 65537.
- =back
- =head2 RSA-PSS Key Generation Options
- Note: by default an B<RSA-PSS> key has no parameter restrictions.
- =over 4
- =item B<rsa_keygen_bits>:I<numbits>, B<rsa_keygen_primes>:I<numprimes>,
- B<rsa_keygen_pubexp>:I<value>
- These options have the same meaning as the B<RSA> algorithm.
- =item B<rsa_pss_keygen_md>:I<digest>
- If set the key is restricted and can only use I<digest> for signing.
- =item B<rsa_pss_keygen_mgf1_md>:I<digest>
- If set the key is restricted and can only use I<digest> as it's MGF1
- parameter.
- =item B<rsa_pss_keygen_saltlen>:I<len>
- If set the key is restricted and I<len> specifies the minimum salt length.
- =back
- =head2 EC Key Generation Options
- The EC key generation options can also be used for parameter generation.
- =over 4
- =item B<ec_paramgen_curve>:I<curve>
- The EC curve to use. OpenSSL supports NIST curve names such as "P-256".
- =item B<ec_param_enc>:I<encoding>
- The encoding to use for parameters. The I<encoding> parameter must be either
- B<named_curve> or B<explicit>. The default value is B<named_curve>.
- =back
- =head2 DH Key Generation Options
- =over 4
- =item B<group>:I<name>
- The B<paramfile> option is not required if a named group is used here.
- See the L</DH Parameter Generation Options> section below.
- =back
- =head1 PARAMETER GENERATION OPTIONS
- The options supported by each algorithm and indeed each implementation of an
- algorithm can vary. The options for the OpenSSL implementations are detailed
- below.
- =head2 DSA Parameter Generation Options
- =over 4
- =item B<dsa_paramgen_bits>:I<numbits>
- The number of bits in the generated prime. If not specified 2048 is used.
- =item B<dsa_paramgen_q_bits>:I<numbits>
- =item B<qbits>:I<numbits>
- The number of bits in the q parameter. Must be one of 160, 224 or 256. If not
- specified 224 is used.
- =item B<dsa_paramgen_md>:I<digest>
- =item B<digest>:I<digest>
- The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
- or B<sha256>. If set, then the number of bits in B<q> will match the output size
- of the specified digest and the B<dsa_paramgen_q_bits> parameter will be
- ignored. If not set, then a digest will be used that gives an output matching
- the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it 224
- or B<sha256> if it is 256.
- =item B<properties>:I<query>
- The I<digest> property I<query> string to use when fetching a digest from a provider.
- =item B<type>:I<type>
- The type of generation to use. Set this to 1 to use legacy FIPS186-2 parameter
- generation. The default of 0 uses FIPS186-4 parameter generation.
- =item B<gindex>:I<index>
- The index to use for canonical generation and verification of the generator g.
- Set this to a positive value ranging from 0..255 to use this mode. Larger values
- will only use the bottom byte.
- This I<index> must then be reused during key validation to verify the value of g.
- If this value is not set then g is not verifiable. The default value is -1.
- =item B<hexseed>:I<seed>
- The seed I<seed> data to use instead of generating a random seed internally.
- This should be used for testing purposes only. This will either produced fixed
- values for the generated parameters OR it will fail if the seed did not
- generate valid primes.
- =back
- =head2 DH Parameter Generation Options
- For most use cases it is recommended to use the B<group> option rather than
- the B<type> options. Note that the B<group> option is not used by default if
- no parameter generation options are specified.
- =over 4
- =item B<group>:I<name>
- =item B<dh_param>:I<name>
- Use a named DH group to select constant values for the DH parameters.
- All other options will be ignored if this value is set.
- Valid values that are associated with the B<algorithm> of B<"DH"> are:
- "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144", "ffdhe8192",
- "modp_1536", "modp_2048", "modp_3072", "modp_4096", "modp_6144", "modp_8192".
- Valid values that are associated with the B<algorithm> of B<"DHX"> are the
- RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256".
- =item B<dh_rfc5114>:I<num>
- If this option is set, then the appropriate RFC5114 parameters are used
- instead of generating new parameters. The value I<num> can be one of
- 1, 2 or 3 that are equivalent to using the option B<group> with one of
- "dh_1024_160", "dh_2048_224" or "dh_2048_256".
- All other options will be ignored if this value is set.
- =item B<pbits>:I<numbits>
- =item B<dh_paramgen_prime_len>:I<numbits>
- The number of bits in the prime parameter I<p>. The default is 2048.
- =item B<qbits>:I<numbits>
- =item B<dh_paramgen_subprime_len>:I<numbits>
- The number of bits in the sub prime parameter I<q>. The default is 224.
- Only relevant if used in conjunction with the B<dh_paramgen_type> option to
- generate DHX parameters.
- =item B<safeprime-generator>:I<value>
- =item B<dh_paramgen_generator>:I<value>
- The value to use for the generator I<g>. The default is 2.
- The B<algorithm> option must be B<"DH"> for this parameter to be used.
- =item B<type>:I<string>
- The type name of DH parameters to generate. Valid values are:
- =over 4
- =item "generator"
- Use a safe prime generator with the option B<safeprime_generator>
- The B<algorithm> option must be B<"DH">.
- =item "fips186_4"
- FIPS186-4 parameter generation.
- The B<algorithm> option must be B<"DHX">.
- =item "fips186_2"
- FIPS186-4 parameter generation.
- The B<algorithm> option must be B<"DHX">.
- =item "group"
- Can be used with the option B<pbits> to select one of
- "ffdhe2048", "ffdhe3072", "ffdhe4096", "ffdhe6144" or "ffdhe8192".
- The B<algorithm> option must be B<"DH">.
- =item "default"
- Selects a default type based on the B<algorithm>. This is used by the
- OpenSSL default provider to set the type for backwards compatibility.
- If B<algorithm> is B<"DH"> then B<"generator"> is used.
- If B<algorithm> is B<"DHX"> then B<"fips186_2"> is used.
- =back
- =item B<dh_paramgen_type>:I<value>
- The type of DH parameters to generate. Valid values are 0, 1, 2 or 3
- which correspond to setting the option B<type> to
- "generator", "fips186_2", "fips186_4" or "group".
- =item B<digest>:I<digest>
- The digest to use during parameter generation. Must be one of B<sha1>, B<sha224>
- or B<sha256>. If set, then the number of bits in B<qbits> will match the output
- size of the specified digest and the B<qbits> parameter will be
- ignored. If not set, then a digest will be used that gives an output matching
- the number of bits in B<q>, i.e. B<sha1> if q length is 160, B<sha224> if it is
- 224 or B<sha256> if it is 256.
- This is only used by "fips186_4" and "fips186_2" key generation.
- =item B<properties>:I<query>
- The I<digest> property I<query> string to use when fetching a digest from a provider.
- This is only used by "fips186_4" and "fips186_2" key generation.
- =item B<gindex>:I<index>
- The index to use for canonical generation and verification of the generator g.
- Set this to a positive value ranging from 0..255 to use this mode. Larger values
- will only use the bottom byte.
- This I<index> must then be reused during key validation to verify the value of g.
- If this value is not set then g is not verifiable. The default value is -1.
- This is only used by "fips186_4" and "fips186_2" key generation.
- =item B<hexseed>:I<seed>
- The seed I<seed> data to use instead of generating a random seed internally.
- This should be used for testing purposes only. This will either produced fixed
- values for the generated parameters OR it will fail if the seed did not
- generate valid primes.
- This is only used by "fips186_4" and "fips186_2" key generation.
- =back
- =head2 EC Parameter Generation Options
- The EC parameter generation options are the same as for key generation. See
- L</EC Key Generation Options> above.
- =head1 NOTES
- The use of the genpkey program is encouraged over the algorithm specific
- utilities because additional algorithm options and ENGINE provided algorithms
- can be used.
- =head1 EXAMPLES
- Generate an RSA private key using default parameters:
- openssl genpkey -algorithm RSA -out key.pem
- Encrypt output private key using 128 bit AES and the passphrase "hello":
- openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello
- Generate a 2048 bit RSA key using 3 as the public exponent:
- openssl genpkey -algorithm RSA -out key.pem \
- -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3
- Generate 2048 bit DSA parameters that can be validated: The output values for
- gindex and seed are required for key validation purposes and are not saved to
- the output pem file).
- openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt pbits:2048 \
- -pkeyopt qbits:224 -pkeyopt digest:SHA256 -pkeyopt gindex:1 -text
- Generate DSA key from parameters:
- openssl genpkey -paramfile dsap.pem -out dsakey.pem
- Generate 4096 bit DH Key using safe prime group ffdhe4096:
- openssl genpkey -algorithm DH -out dhkey.pem -pkeyopt group:ffdhe4096
- Generate 2048 bit X9.42 DH key with 256 bit subgroup using RFC5114 group3:
- openssl genpkey -algorithm DHX -out dhkey.pem -pkeyopt dh_rfc5114:3
- Generate a DH key using a DH parameters file:
- openssl genpkey -paramfile dhp.pem -out dhkey.pem
- Output DH parameters for safe prime group ffdhe2048:
- openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt group:ffdhe2048
- Output 2048 bit X9.42 DH parameters with 224 bit subgroup using RFC5114 group2:
- openssl genpkey -genparam -algorithm DHX -out dhp.pem -pkeyopt dh_rfc5114:2
- Output 2048 bit X9.42 DH parameters with 224 bit subgroup using FIP186-4 keygen:
- openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \
- -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt digest:SHA256 \
- -pkeyopt gindex:1 -pkeyopt dh_paramgen_type:2
- Output 1024 bit X9.42 DH parameters with 160 bit subgroup using FIP186-2 keygen:
- openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \
- -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt digest:SHA1 \
- -pkeyopt gindex:1 -pkeyopt dh_paramgen_type:1
- Output 2048 bit DH parameters:
- openssl genpkey -genparam -algorithm DH -out dhp.pem \
- -pkeyopt dh_paramgen_prime_len:2048
- Output 2048 bit DH parameters using a generator:
- openssl genpkey -genparam -algorithm DH -out dhpx.pem \
- -pkeyopt dh_paramgen_prime_len:2048 \
- -pkeyopt dh_paramgen_type:1
- Generate EC parameters:
- openssl genpkey -genparam -algorithm EC -out ecp.pem \
- -pkeyopt ec_paramgen_curve:secp384r1 \
- -pkeyopt ec_param_enc:named_curve
- Generate EC key from parameters:
- openssl genpkey -paramfile ecp.pem -out eckey.pem
- Generate EC key directly:
- openssl genpkey -algorithm EC -out eckey.pem \
- -pkeyopt ec_paramgen_curve:P-384 \
- -pkeyopt ec_param_enc:named_curve
- Generate an X25519 private key:
- openssl genpkey -algorithm X25519 -out xkey.pem
- Generate an ED448 private key:
- openssl genpkey -algorithm ED448 -out xkey.pem
- =head1 HISTORY
- The ability to use NIST curve names, and to generate an EC key directly,
- were added in OpenSSL 1.0.2.
- The ability to generate X25519 keys was added in OpenSSL 1.1.0.
- The ability to generate X448, ED25519 and ED448 keys was added in OpenSSL 1.1.1.
- The B<-engine> option was deprecated in OpenSSL 3.0.
- =head1 COPYRIGHT
- Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|