There are different ways to generate RSA public and private key pair. Command line tools that are available generate RSA key pair are
- OpenSSL
- ssh-keygen
Using OpenSSL command to generate RSA public and private key pair
Generating RSA Key Pair Using OpenSSL
openssl genrsa -out rsa_private.pem 2048 Output file contains the private key where, private key file holds the information of both public and private keys. Such that we can extract the public key from private key file as follows
openssl rsa -in rsa_private.pem -out rsa_publc.pem -pubout -outform PEM There is also another way to generate RSA key-pair using OpenSSL command
Generating RSA public and private keys using command “openssl genpkey”. Where “openssl genpkey” is the most generic command to generate public key cryptography keypairs for different kind of cipher algorithms
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 -out privkey.pemGenerating public key from RSA private key file created with previous command
openssl pkey -in privkey.pem -out pubkey.pem -puboutGenerating Public/Private Key Pair using ssh-keygen
Generating RSA public and private key pair using “ssh-keygen” command is quite simple and it generates keypair with defaults
ssh-keygenRunning ssh-keygen
ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/Users/neotam/.ssh/id_rsa): ./id_rsa Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in ./id_rsa Your public key has been saved in ./id_rsa.pub The key fingerprint is: SHA256:C8YHxcBbcRw/bdrOstkXw1Qm7cDIwRAx8L3GxUAqhw4 neotam@mac.local The key's randomart image is: +---[RSA 3072]----+ | ..o++BO++ . | | ..o+.=+++ +| | Eoo + + ==.| | ..+ o . B ..| | + S = + | | . o . . o + | | . . o o| | = .| | o .. | +----[SHA256]-----+
Displaying private key information Using OpenSSL
Private key is composed of many things such as prime numbers, modulus, exponent, and coefficient. These all things can be seen to figure out what private key is made up of use the following command
openssl pkey -in rsa_private.pem -text -nooutWhere, -noout option doesn’t include private key again in the output
openssl pkey -in rsa_private.pem -text -noout
RSA Private-Key: (2048 bit, 2 primes)
modulus:
00:bc:f6:f3:34:90:7e:43:03:fa:01:45:90:ac:31:
77:89:2c:3e:d7:8e:86:03:4a:81:20:75:e4:fb:37:
bf:7d:06:b0:a0:e0:1c:29:32:c5:40:86:86:70:b2:
5a:d3:9d:0f:4e:6d:0a:c7:a0:bb:2d:5a:0c:17:cd:
78:9b:c8:f6:91:de:54:e1:26:f2:3a:97:0c:88:a6:
e8:95:da:10:08:cf:b1:05:db:aa:3f:33:e2:95:9f:
b0:dd:e5:b4:88:a6:de:06:e2:7c:58:e7:5a:f2:67:
93:81:04:01:7b:c2:12:b3:4a:a0:8f:85:aa:64:a1:
a6:25:97:12:4e:80:fd:00:88:56:a6:8b:1d:64:e7:
8f:0a:95:60:18:b8:ec:ea:6c:33:ae:23:6c:14:15:
b6:71:0a:42:a4:e0:4d:63:ae:1c:4d:cb:93:11:9e:
7a:21:ee:79:a3:71:2b:ce:31:d6:46:18:87:de:dd:
c5:b3:98:1a:8a:6a:9a:79:ef:30:81:6c:93:51:17:
72:e7:c6:9b:bc:14:b9:e0:69:95:d8:f0:af:fe:44:
c1:84:0e:5b:e1:58:3f:34:ee:db:08:39:21:c0:73:
6b:c5:ef:4f:35:67:fb:67:31:38:98:71:6f:1a:13:
61:2d:b3:01:38:82:09:5c:39:b9:f7:25:d8:40:7e:
61:3b
publicExponent: 65537 (0x10001)
privateExponent:
26:be:47:3d:26:c7:0c:7c:7b:3c:d9:83:81:1a:9f:
54:9b:a2:c2:d5:70:fa:a9:c2:f1:e1:da:31:fb:cb:
22:1a:46:0a:a6:08:80:15:ed:c5:7e:0f:80:79:c1:
0f:94:2b:38:3c:39:32:96:ec:e9:ae:85:be:37:9d:
9b:eb:47:4a:bf:18:0e:15:cb:22:62:27:ea:b8:b6:
05:4b:71:70:2d:0d:31:93:49:43:ae:22:ad:e4:d1:
01:9e:00:36:e8:67:ab:67:b2:71:13:f6:5c:af:09:
da:30:f5:10:e7:c8:a7:c4:0c:49:80:f1:5f:b2:98:
fb:2a:0f:51:d3:36:8c:6e:0c:eb:8f:5e:26:fe:8e:
65:6f:e4:83:1b:87:fd:04:3d:c9:36:ea:2d:08:a4:
74:9a:0a:00:a4:93:88:85:93:96:22:86:8d:0a:39:
c3:95:4e:b2:34:68:8b:53:88:3a:8e:9d:1d:db:a3:
23:df:a0:f1:df:ac:9d:c5:43:e4:54:48:66:ef:2d:
60:d7:28:50:de:30:e7:fa:98:1d:ac:a3:c3:8f:f8:
ba:57:b2:2f:3c:4e:7b:05:70:f5:39:69:09:87:79:
b5:99:fa:e9:03:ab:6e:24:36:8a:91:23:ac:78:e3:
a9:e0:b9:cf:ff:ae:96:6b:22:02:51:2f:cc:cb:77:
69
prime1:
00:f7:8e:48:4c:75:5f:5c:aa:d4:69:19:b9:8c:73:
1f:1a:31:59:ca:3e:d5:cd:8a:75:fc:21:ef:dd:77:
81:59:74:93:00:77:8b:4f:d2:18:be:51:46:67:a6:
67:2f:92:1f:f1:30:9a:cc:5b:2e:d8:10:b8:6a:d2:
c5:81:4f:27:0a:84:22:7e:97:4d:d8:ea:fa:fb:30:
81:82:84:5d:92:9f:71:70:d4:a3:e2:ca:3b:14:82:
73:4a:77:4e:0d:9f:9f:62:5b:16:bb:36:22:34:39:
2b:d3:ad:94:9b:95:d8:29:21:5b:77:27:74:f6:e9:
0d:28:2b:67:e9:fb:3f:e3:47
prime2:
00:c3:69:09:13:4e:34:d1:7e:d2:65:f4:45:41:db:
b8:1e:20:9e:d0:ae:ba:ef:fb:bc:85:41:5e:e5:87:
24:03:a6:41:4d:ed:9a:3f:2d:63:43:43:ee:ed:d8:
92:8d:49:3e:d6:cc:e1:f6:3f:cc:f1:49:28:bc:92:
3a:21:ef:39:89:6c:d9:21:f6:58:9e:15:95:17:4b:
4d:99:e3:7c:c7:0f:c3:e5:8c:f1:68:49:af:f2:a3:
ed:b4:72:77:64:03:8e:09:21:4f:cb:83:b0:ea:d4:
54:e7:59:c9:e7:34:5a:eb:2d:a8:00:53:aa:81:6c:
d5:cc:94:d4:a8:4b:16:84:6d
exponent1:
1f:2c:a6:c4:22:1f:c1:2e:ae:13:12:2f:40:95:9a:
bc:14:ac:e7:00:24:b2:7e:96:3f:0b:13:06:c3:ae:
e1:52:01:d5:14:38:d1:f3:76:34:39:4d:f1:6d:8e:
1e:fa:7a:d5:47:b6:a6:b7:70:dd:ba:b5:4e:96:7e:
52:bb:62:02:3c:03:90:07:83:c1:26:4e:36:e5:b3:
d9:78:cb:c3:d4:1a:58:08:1f:1f:47:32:4b:71:e6:
0c:e1:9b:4d:b1:e5:43:60:8f:2b:42:34:ea:78:ac:
a1:3a:81:b5:5a:18:5f:8d:98:d4:17:7e:ee:3d:08:
f0:1f:0f:35:f2:f2:e7:af
exponent2:
00:a0:3e:8f:39:ac:a5:75:b2:a9:79:00:22:97:4a:
46:27:36:9a:e6:08:93:b5:de:db:0e:ef:b7:91:44:
0c:4d:8d:d5:f9:c0:c1:ff:d3:09:96:8c:ab:ef:91:
ed:44:3d:6f:71:98:5c:28:a2:d3:3e:7e:bf:10:3c:
5d:bd:9c:3e:b3:aa:76:38:fa:9a:5b:30:d9:ad:5b:
8c:4c:89:17:b6:e9:ff:bc:4b:a3:5f:e1:25:8f:35:
cc:e5:70:04:e6:18:60:2e:ae:89:90:1b:f3:45:ef:
4f:9c:d4:ad:d4:92:c3:88:1e:4d:a9:ce:f2:80:e6:
2e:41:71:3f:1e:af:4c:cc:d5
coefficient:
00:b6:a6:7d:20:d2:5b:9e:88:a6:96:ba:55:72:35:
f9:31:71:3b:9d:da:63:72:ff:f9:34:1f:7b:ad:38:
ee:0b:d1:9c:0a:9b:53:53:e1:ab:b9:f0:dd:55:c4:
8b:b2:54:3f:0e:49:f7:03:80:69:55:65:6a:8c:ff:
6a:e2:c8:85:59:fd:46:00:9b:27:25:c6:ab:05:96:
d1:65:8d:72:dc:ff:0c:a1:be:f2:5f:df:dc:96:72:
8c:df:df:2d:5f:8e:81:77:22:48:03:bc:9f:fd:f9:
ca:0c:79:14:52:1a:24:c5:2c:a5:74:80:55:ef:95:
f3:29:0e:41:02:79:5a:15:03
Read More about RSA algorithm at How RSA works .
