Creating Public and Private Keys with OpenSSL

From Logic Wiki

Preparation

On Windows, install WSL Ubuntu from https://ubuntu.com/wsl

Then install OpenSSL:

sudo apt install openssl

Generating an RSA Private Key Using OpenSSL

openssl genrsa -out private-key.pem 3072

In this example, I have used a key length of 3072 bits. While 2048 bits is the minimum key length, it is recommended that you use 3072 bits, which gives you 128-bit security.

This gives you a PEM file containing your RSA private key, which should look something like the following:

-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEA1MSdsaPH2ShtjOo4c02+DbYcTdwUBLY+vNSXr2tV8/jGU059
... (I CUT THESE LINES TO MAKE IT SHORTER)
UuP3ai7zn++ag7Lu1QEm5pQAd2n+zMuKZbBISVA9fPbC9RkJX66E4zVbsEUnDDBD
9Rlu+3Dc0LwSjtAxXPDInmEh2mp3O/aZtMPVUPgDA4Ig7GbQC6W/
-----END RSA PRIVATE KEY-----

Creating an RSA Public Key from a Private Key Using OpenSSL

openssl rsa -in private-key.pem -pubout -out public-key.pem

This should give you another PEM file, containing the public key:

-----BEGIN PUBLIC KEY-----
MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA1MSdsaPH2ShtjOo4c02+
... (I CUT THESE LINES TO MAKE IT SHORTER)
Snfpos7IxUTATpd6KTWUV3snVQnyiltCI1BHJC01sWePAgMBAAE=
-----END PUBLIC KEY-----

Creating an RSA Self-Signed Certificate Using OpenSSL

Now that you have a private key, you can use it to generate a self-signed certificate. This is not required, but it allows you to use the key for server/client authentication, or to gain X.509-specific functionality in technologies such as JWT and SAML.

openssl req -new -x509 -key private-key.pem -out cert.pem -days 360

This will generate yet another PEM file, this time containing the certificate signed with your private key:

 
-----BEGIN CERTIFICATE-----
MIIEazCCAtOgAwIB....

You could leave things there, but often, when working on Windows, you will need to create a PFX file that contains both the certificate and the private key for you to export and use.

You can do this using OpenSSL’s pkcs12 command:

openssl pkcs12 -export -inkey private-key.pem -in cert.pem -out cert.pfx

OpenSSL will ask you to create a password for the PFX file. Feel free to leave this blank.

This should leave you with a certificate that Windows can both install and export the RSA private key from.
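The script below is an added example, not part of the original page: it runs the four commands above without prompts in a scratch directory, then checks that the private key, public key, certificate and PFX all carry the same RSA public key. The function names, the `-subj` value `CN=example.test` and the `PFX_PASS` environment variable are assumptions made for the example.

```shell
#!/bin/sh
# Added example: run the page's four commands without prompts in a scratch
# directory, then check that every artifact carries the same RSA public key.
# Assumed names and values (not from the page): fp, build_artifacts,
# verify_artifacts, PFX_PASS, CN=example.test.

# Print the SHA-256 of the PEM public key on stdin; fail if it does not parse.
fp() {
    pem=$(openssl pkey -pubin 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Create private-key.pem, public-key.pem, cert.pem and cert.pfx in directory $1.
build_artifacts() (
    cd "$1" || exit 1
    umask 077   # new files, including the private key, are owner-only
    openssl genrsa -out private-key.pem 3072 2>/dev/null &&
    openssl rsa -in private-key.pem -pubout -out public-key.pem 2>/dev/null &&
    openssl req -new -x509 -key private-key.pem -out cert.pem -days 360 \
        -subj "/CN=example.test" &&
    openssl pkcs12 -export -inkey private-key.pem -in cert.pem \
        -out cert.pfx -passout env:PFX_PASS
)

# Succeed only if the key, public key, certificate and PFX in $1 all match.
verify_artifacts() (
    cd "$1" || exit 1
    want=$(openssl pkey -in private-key.pem -pubout | fp) || exit 1
    [ "$(fp < public-key.pem)" = "$want" ] || exit 1
    [ "$(openssl x509 -in cert.pem -pubkey -noout | fp)" = "$want" ] || exit 1
    # -nodes prints the PFX's private key unencrypted so it can be compared
    [ "$(openssl pkcs12 -in cert.pfx -passin env:PFX_PASS -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null | fp)" = "$want" ] || exit 1
)

export PFX_PASS='constructed-demo-passphrase'   # placeholder, choose your own
work=$(mktemp -d)
if build_artifacts "$work" && verify_artifacts "$work"; then
    echo "all artifacts in $work share one public key"
else
    echo "mismatch or build failure in $work" >&2
fi
```

The scratch directory holds an unencrypted private key, so delete it once you have finished inspecting the files.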



See also: https://ubuntu.com/wsl