Generating Public and Private Keys RSA

  • On April 2, 2016

Installing OpenSSL 

OpenSSL is officially distributed in C source code format. This is not a problem for Unix systems where C compiler is always available. But if you have a Windows system, you will have a hard time to install OpenSSL in C source code format. What you should do is to find a pre-compiled binary version for Windows.

Go to http://gnuwin32.sourceforge.net/packages/openssl.htm, and download the “Setup” version of “Binaries”, openssl-0.9.7c-bin.exe.

Download OpenSSL Configuration File. 

http://web.mit.edu/crypto/openssl.cnf

Generating Public Keys and Private Keys

  1. Generate an RSA private key:

>C:\Openssl\bin\openssl.exe genrsa -out <Key Filename> <Key Size>

Where:

  • <Key Filename> is the desired filename for the private key file
  • <Key Size> is the desired key length of either 1024, 2048, or 4096

For example, type:

>C:\Openssl\bin\openssl.exe genrsa -out my_key.key 2048

       2. Generate a Certificate Signing Request:

In version 0.9.8g:

>C:\Openssl\bin\openssl.exe req -new -key <Key Filename> -out <Request Filename> -config C:\Openssl\bin\openssl.cnf

-OR-

In version 0.9.8h and later:

>C:\Openssl\bin\openssl.exe req -new -key <Key Filename> -out <Request Filename> -config C:\Openssl\bin\openssl.cfg

Where:

  • <Key Filename> is the input filename of the previously generated private key
  • <Request Filename> is the output filename of the certificate signing request

For example, type:

>C:\Openssl\bin\openssl.exe req -new -key my_key.key -out my_request.csr -config C:\Openssl\bin\openssl.cnf

Follow the on-screen prompts for the required certificate request information.

      3. Generate a self-signed public certificate based on the request

>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in <Request Filename> -signkey <Key Filename> -out <Certificate Filename>

Where:

  • <Request Filename> is the input filename of the certificate signing request
  • <Key Filename> is the input filename of the previously generated private key
  • <Certificate Filename> is the output filename of the public certificate

For example, type:

>C:\Openssl\bin\openssl.exe x509 -req -days 3650 -in my_request.csr -signkey my_key.key -out my_cert.crt