"Fossies" - the Fresh Open Source Software Archive

Member "openssl-1.0.2q/doc/HOWTO/keys.txt" (20 Nov 2018, 2568 Bytes) of package /linux/misc/openssl-1.0.2q.tar.gz:



<DRAFT!>
			HOWTO keys

1. Introduction

Keys are the basis of public key algorithms and PKI.  Keys usually
come in pairs, with one half being the public key and the other half
being the private key.  With OpenSSL, the private key contains the
public key information as well, so a public key doesn't need to be
generated separately.

Public keys come in several flavors, using different cryptographic
algorithms.  The most popular ones associated with certificates are
RSA and DSA, and this HOWTO will show how to generate each of them.


2. To generate an RSA key

An RSA key can be used both for encryption and for signing.

Generating a key for the RSA algorithm is quite easy; all you have to
do is the following:

  openssl genrsa -des3 -out privkey.pem 2048

With this variant, you will be prompted for a protecting password.  If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.

    NOTE: if you intend to use the key together with a server
    certificate, it may be a good thing to avoid protecting it
    with a password, since that would mean someone would have to
    type in the password every time the server needs to access
    the key.

The number 2048 is the size of the key, in bits.  Today, 2048 or
higher is recommended for RSA keys, as fewer bits are considered
insecure or soon to be insecure.


3. To generate a DSA key

A DSA key can be used for signing only.  It is important to
know what a certificate request with a DSA key can really be used for.

Generating a key for the DSA algorithm is a two-step process.  First,
you have to generate parameters from which to generate the key:

  openssl dsaparam -out dsaparam.pem 2048

The number 2048 is the size of the key, in bits.  Today, 2048 or
higher is recommended for DSA keys, as fewer bits are considered
insecure or soon to be insecure.

When that is done, you can generate a key using the parameters in
question (actually, several keys can be generated from the same
parameters):

  openssl gendsa -des3 -out privkey.pem dsaparam.pem

With this variant, you will be prompted for a protecting password.  If
you don't want your key to be protected by a password, remove the flag
'-des3' from the command line above.

    NOTE: if you intend to use the key together with a server
    certificate, it may be a good thing to avoid protecting it
    with a password, since that would mean someone would have to
    type in the password every time the server needs to access
    the key.

-- 
Richard Levitte
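
The script below is an added example, not part of the HOWTO or of OpenSSL. It runs the section 2 genrsa command non-interactively, then checks the result: passphrase protection, key size, file mode, and (section 1) that the public key comes out of the private key file. The function names and the KEY_PASS variable are assumptions of this example, and it assumes an openssl binary on PATH.

```shell
#!/bin/sh
# Added example, not part of the OpenSSL HOWTO. Assumes `openssl` is on PATH.
# The passphrase comes from the KEY_PASS environment variable (an assumed
# name) so that it appears neither on the command line nor in a prompt.

# The HOWTO's genrsa command, made non-interactive. umask 077 keeps the
# key file owner-only, which is the only protection left if -des3 is dropped.
gen_rsa_key() {   # usage: gen_rsa_key DIR [BITS]
    ( umask 077
      openssl genrsa -des3 -passout env:KEY_PASS \
          -out "$1/privkey.pem" "${2:-2048}" 2>/dev/null )
}

# True if the PEM header marks the key as passphrase-protected. Covers the
# traditional "Proc-Type: 4,ENCRYPTED" and PKCS#8 "ENCRYPTED PRIVATE KEY".
key_is_encrypted() { head -n 2 "$1" | grep -q 'ENCRYPTED'; }

# Print the RSA modulus size in bits, or nothing if the key cannot be read.
key_bits() {
    openssl rsa -in "$1" -passin env:KEY_PASS -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Print the permission string of the key file, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# Section 1's point: the public key is extracted from the private key file.
derive_pubkey() {   # usage: derive_pubkey PRIVKEY PUBKEY
    openssl rsa -in "$1" -passin env:KEY_PASS -pubout -out "$2" 2>/dev/null
}

# True if the private key and the derived public key share one modulus.
same_modulus() {
    a=$(openssl rsa -in "$1" -passin env:KEY_PASS -noout -modulus 2>/dev/null)
    b=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo run with a constructed passphrase in a throwaway directory.
demo() {
    d=$(mktemp -d) && KEY_PASS='constructed-demo-passphrase' && export KEY_PASS
    gen_rsa_key "$d" 2048 && derive_pubkey "$d/privkey.pem" "$d/pubkey.pem" &&
        echo "bits=$(key_bits "$d/privkey.pem") mode=$(key_mode "$d/privkey.pem")"
    key_is_encrypted "$d/privkey.pem" && echo "passphrase-protected: yes"
    same_modulus "$d/privkey.pem" "$d/pubkey.pem" && echo "public key matches"
    rm -rf "$d"
}
demo
```

If '-des3' is removed as the NOTE suggests for server keys, key_is_encrypted returns false and the owner-only file mode is what keeps the key private.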