Generate Rsa Key Pair Pkcs1-pem

| 14-05-2021
[RAND-1-100] Comments

While Encrypting a File with a Password from the Command Line using OpenSSLis very useful in its own right, the real power of the OpenSSL library is itsability to support the use of public key cryptograph for encrypting orvalidating data in an unattended manner (where the password is not required toencrypt) is done with public keys.

The Commands to Run

Although the OpenSSL library supports PKCS#1 encoding, the command line version of OpenSSL will only output RSA Public keys in x.509 format. Unfortunately it seems you are left with no option than to write some code that uses the OpenSSL library to output keys in PKCS#1 format.

Generate a 2048 bit RSA Key

You can generate a public and private RSA key pair like this:

openssl genrsa -des3 -out private.pem 2048

That generates a 2048-bit RSA key pair, encrypts them with a password you provideand writes them to a file. You need to next extract the public key file. You willuse this, for instance, on your web server to encrypt content so that it canonly be read with the private key.

Export the RSA Public Key to a File

This is a command that is

openssl rsa -in private.pem -outform PEM -pubout -out public.pem

The -pubout flag is really important. Be sure to include it.

Next open the public.pem and ensure that it starts with-----BEGIN PUBLIC KEY-----. This is how you know that this file is thepublic key of the pair and not a private key.

To check the file from the command line you can use the less command, like this:

less public.pem

Do Not Run This, it Exports the Private Key

A previous version of the post gave this example in error.

openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM

The error is that the -pubout was dropped from the end of the command.That changes the meaning of the command from that of exporting the public keyto exporting the private key outside of its encrypted wrapper. Inspecting theoutput file, in this case private_unencrypted.pem clearly shows that the keyis a RSA private key as it starts with -----BEGIN RSA PRIVATE KEY-----.

Visually Inspect Your Key Files

It is important to visually inspect you private and public key files to makesure that they are what you expect. OpenSSL will clearly explain the nature ofthe key block with a -----BEGIN RSA PRIVATE KEY----- or -----BEGIN PUBLIC KEY-----.

You can use less to inspect each of your two files in turn:

  • less private.pem to verify that it starts with a -----BEGIN RSA PRIVATE KEY-----
  • less public.pem to verify that it starts with a -----BEGIN PUBLIC KEY-----

The next section shows a full example of what each key file should look like.

The Generated Key Files

The generated files are base64-encoded encryption keys in plain text format.If you select a password for your private key, its file will be encrypted withyour password. Be sure to remember this password or the key pair becomes useless.

The private.pem file looks something like this:

The public key, public.pem, file looks like:

Protecting Your Keys

Windows Generate Rsa Key Pair

Depending on the nature of the information you will protect, it’s important tokeep the private key backed up and secret. The public key can be distributedanywhere or embedded in your web application scripts, such as in your PHP,Ruby, or other scripts. Again, backup your keys!

Generate Rsa Key Pair Pkcs1-pem

Remember, if the key goes away the data encrypted to it is gone. Keeping aprinted copy of the key material in a sealed envelope in a bank safety depositbox is a good way to protect important keys against loss due to fire or harddrive failure.

Oh, and one last thing.

If you, dear reader, were planning any funny business with the private key that I have just published here. Know that they were made especially for this series of blog posts. I do not use them for anything else.

Found an issue?

Rietta plans, develops, and maintains applications.

Learn more about our services or drop us your email and we'll e-mail you back.

Openssl generate rsa key pair

Other Blog Articles Published by Rietta.com

Generate RSA keys with SSH by using PuTTYgen

One effective way of securing SSH access to your cloud server is to usea public-private key pair. This means that a public key is placed onthe server and a private key is placed on your local workstation.Using a key pair makes it impossible for someone to log in by using justa password, as long as you set up SSH to deny password-basedauthentication.

This article provides steps for generating RSA keys by using PuTTYgen onWindows for secure SSH authentication with OpenSSH.

Generate keys

In Windows, use PuTTYgen to generate your public and private keys.

  1. If needed, download PuTTYgen from the PuTTY download page.(PuTTYgen might have been installed previously with PuTTY or WinSCP.)
  2. Launch the program, and then click the Generate button.The program generates the keys for you.
  3. Enter a unique key passphrase in the Key passphrase andConfirm passphrase fields.For additional information about using passphrases,see Log in with a SSH Private Key on Windows.
  4. Save the public and private keys by clicking the Save public keyand Save private key buttons.
  5. From the Public key for pasting into OpenSSH authorized_keys filefield at the top of the window, copy all the text (starting with ssh-rsa)to your clipboard by pressing Ctrl-C.You need this key available on your clipboard to paste eitherinto the public key tool in the Control Panel or directly into theauthorized keys on your cloud server.

Use the key pair

You can use the RSA key pair in the following ways.

Specify your SSH key when creating a new cloud server

When you create a cloud server, you can assign a public key from the list of keys.If your key is not already in the list, you may add it, and then assign it.

Add a new public key to the list

  1. Under Advanced Options on the Create Server page, click Manage SSHKeys.
  2. Select public key for the cloud server from the SSH Keys listand click Add Public Key.
  3. Enter the key name, select the region, and paste the entire publickey into the Public Key field. Then click Add Public Key.
  4. Go back to the Create Server page, and confirm that your key is listedin the SSH Key list.

Assign a public key

  1. Under Advanced Options on the Create Server page, select the publickey you want to use from the SSH key drop-down menu.
  2. When you are done specifying the all the other details for the server,click Create Server.

Assign your SSH Key to an existing cloud server

To make use of your newly generated RSA key pair, you must tell PuTTY touse it when connecting to your cloud server.

  1. To edit the file (or create it), run the following command on the cloud server:

  2. Paste the text onto its own line in the file.

    You must have the key available in your clipboard to paste it. The key and itsassociated text (the ssh-rsa identified at the start and the comment at the end)must be on one line in the file. If the text is word-wrapped onto multiple linesan error might occur when connecting.

  3. If you created the authorized_keys file, change its permissionsafter you’re done editing it by running the following command:

  4. Open PuTTY, and go to the SSH > Auth section.

  5. Browse to the location of the key file, and load the private key.

  6. Go to the Session page, and save the session. This saves the configurationso that PuTTY uses the key every time that you connect to your cloudserver.

After you save your session, your key is loaded automatically when youconnect to your server.

Generate Rsa Private Key Windows

Related article

Experience what Rackspace has to offer.

Generate Rsa Key Pair Online

©2020 Rackspace US, Inc.

Generate Rsa Key Pair Pkcs1-pem Windows 10

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License