$ openssl genpkey -algorithm rsa -out private.pem
$ openssl rsa -in private.pem -noout -text
For a quick deep dive on how RSA keys are generated click "down", otherwise click "right" to continue the workshop.
For more in-depth information visit the section about RSA Key Generation on Wikipedia.
--
--
Step 1: Choose two large prime numbers p and q.
They must be kept secret at all times.
--
Step 2: Calculate the Modulus n
Formula: n = pq
The Modulus is used for both the Public and Private Key and thus is distributed as part of the Public Key. Its length, usually expressed in bits, is the key length.
--
Step 3: Compute λ(n)
λ is Carmichael's totient function and is used to calculate the Public Key Exponent and the Private Key Exponent.
--
Step 4: Calculate the Public Key Exponent
Choose an integer e such that
1 < e < λ(n) and gcd(e, λ(n)) = 1.
--
Step 5: Determine the Private Key Exponent
Formula: d ≡ e⁻¹ (mod λ(n))
--
What about exponent1, exponent2, and coefficient?
--
For efficiency, many popular crypto libraries (such as OpenSSL, Java and .NET) use the following optimization, based on the Chinese remainder theorem, for decryption and signing:
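Steps 2 to 5 and the three CRT values, worked through as an added example that is not part of the original workshop material. The dictionary keys follow the labels printed by `openssl rsa -text`; the helper names `derive_key`, `private_op_plain` and `private_op_crt` are hypothetical, and the primes 61 and 53 are constructed toy values.

```python
import math

def derive_key(p, q, e=65537):
    """Steps 2-5 plus the CRT values, labelled as in `openssl rsa -text`."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # step 3: lcm(p-1, q-1)
    if not (1 < e < lam and math.gcd(e, lam) == 1):      # step 4
        raise ValueError("e must satisfy 1 < e < lambda(n), gcd(e, lambda(n)) = 1")
    d = pow(e, -1, lam)                                  # step 5: modular inverse
    return {
        "modulus": p * q,                                # step 2
        "publicExponent": e,
        "privateExponent": d,
        "prime1": p,
        "prime2": q,
        "exponent1": d % (p - 1),                        # d mod (p-1)
        "exponent2": d % (q - 1),                        # d mod (q-1)
        "coefficient": pow(q, -1, p),                    # q^-1 mod p
    }

def private_op_plain(key, c):
    """Textbook private-key operation: c^d mod n."""
    return pow(c, key["privateExponent"], key["modulus"])

def private_op_crt(key, c):
    """Same result from two half-size exponentiations mod p and mod q."""
    p, q = key["prime1"], key["prime2"]
    m1 = pow(c, key["exponent1"], p)
    m2 = pow(c, key["exponent2"], q)
    h = key["coefficient"] * (m1 - m2) % p
    return m2 + h * q

# Constructed toy primes: far too small for real use, chosen so every value
# can be checked by hand.
TOY = derive_key(61, 53, e=17)

if __name__ == "__main__":
    for name, value in TOY.items():
        print(f"{name}: {value}")
    c = pow(65, TOY["publicExponent"], TOY["modulus"])   # raw RSA, no padding
    print("ciphertext:", c)
    print("plain:", private_op_plain(TOY, c), "crt:", private_op_crt(TOY, c))
```

Both private-key functions return the same value; the CRT variant only needs prime1, prime2, exponent1, exponent2 and coefficient, which is why those fields are stored in the private key file.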
$ openssl rsa -in private.pem -out public.pem -pubout
$ openssl rsa -pubin -in public.pem -noout -text
Things look familiar, right?
There are two types of encoding widely used in the industry:
- Binary Encoding (DER): .der, .cer, .crt, ...
- Base64 ASCII Encoding (PEM): .pem, .crt, .cer, .key, ...
Important: The file extension does not necessarily reflect the encoding used!
Convert PEM to DER
$ openssl rsa -in private.pem -outform der -out private.der
$ openssl rsa -pubin -in public.pem -outform der -out public.der
Convert DER to PEM
$ openssl rsa -in private.der -inform der -out private.pem
$ openssl rsa -pubin -in public.der -inform der -out public.pem
This was the second part of the workshop.
You should now have a basic understanding of how to create and manage RSA keys.
To continue with the workshop, please proceed to the next part: Key Usage






