How to Generate RSA Public and Private Key Pair

There are different ways to generate RSA public and private key pair. Command line tools that are available generate RSA key pair are

  • OpenSSL
  • ssh-keygen

Using OpenSSL command to generate RSA public and private key pair

Generating RSA Key Pair Using OpenSSL

openssl genrsa -out rsa_private.pem  2048  

Output file contains the private key where, private key file holds the information of both public and private keys. Such that we can extract the public key from private key file as follows

openssl rsa -in rsa_private.pem -out rsa_publc.pem -pubout -outform PEM 

There is also another way to generate RSA key-pair using OpenSSL command

Generating RSA public and private keys using command “openssl genpkey”. Where “openssl genpkey” is the most generic command to generate public key cryptography keypairs for different kind of cipher algorithms

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 -out privkey.pem

Generating public key from RSA private key file created with previous command

openssl pkey -in privkey.pem -out pubkey.pem -pubout

Generating Public/Private Key Pair using ssh-keygen

Generating RSA public and private key pair using “ssh-keygen” command is quite simple and it generates keypair with defaults

ssh-keygen

Running ssh-keygen

ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/neotam/.ssh/id_rsa): ./id_rsa
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./id_rsa
Your public key has been saved in ./id_rsa.pub
The key fingerprint is:
SHA256:C8YHxcBbcRw/bdrOstkXw1Qm7cDIwRAx8L3GxUAqhw4 neotam@mac.local
The key's randomart image is:
+---[RSA 3072]----+
|     ..o++BO++ . |
|      ..o+.=+++ +|
|      Eoo + + ==.|
|     ..+ o . B ..|
|      + S   = +  |
|     . o . . o + |
|        .   . o o|
|             =  .|
|            o .. |
+----[SHA256]-----+

Displaying private key information Using OpenSSL

Private key is composed of many things such as prime numbers, modulus, exponent, and coefficient. These all things can be seen to figure out what private key is made up of use the following command

openssl pkey -in rsa_private.pem -text -noout

Where, -noout option doesn’t include private key again in the output

openssl pkey -in rsa_private.pem -text -noout
RSA Private-Key: (2048 bit, 2 primes)
modulus:
    00:bc:f6:f3:34:90:7e:43:03:fa:01:45:90:ac:31:
    77:89:2c:3e:d7:8e:86:03:4a:81:20:75:e4:fb:37:
    bf:7d:06:b0:a0:e0:1c:29:32:c5:40:86:86:70:b2:
    5a:d3:9d:0f:4e:6d:0a:c7:a0:bb:2d:5a:0c:17:cd:
    78:9b:c8:f6:91:de:54:e1:26:f2:3a:97:0c:88:a6:
    e8:95:da:10:08:cf:b1:05:db:aa:3f:33:e2:95:9f:
    b0:dd:e5:b4:88:a6:de:06:e2:7c:58:e7:5a:f2:67:
    93:81:04:01:7b:c2:12:b3:4a:a0:8f:85:aa:64:a1:
    a6:25:97:12:4e:80:fd:00:88:56:a6:8b:1d:64:e7:
    8f:0a:95:60:18:b8:ec:ea:6c:33:ae:23:6c:14:15:
    b6:71:0a:42:a4:e0:4d:63:ae:1c:4d:cb:93:11:9e:
    7a:21:ee:79:a3:71:2b:ce:31:d6:46:18:87:de:dd:
    c5:b3:98:1a:8a:6a:9a:79:ef:30:81:6c:93:51:17:
    72:e7:c6:9b:bc:14:b9:e0:69:95:d8:f0:af:fe:44:
    c1:84:0e:5b:e1:58:3f:34:ee:db:08:39:21:c0:73:
    6b:c5:ef:4f:35:67:fb:67:31:38:98:71:6f:1a:13:
    61:2d:b3:01:38:82:09:5c:39:b9:f7:25:d8:40:7e:
    61:3b
publicExponent: 65537 (0x10001)
privateExponent:
    26:be:47:3d:26:c7:0c:7c:7b:3c:d9:83:81:1a:9f:
    54:9b:a2:c2:d5:70:fa:a9:c2:f1:e1:da:31:fb:cb:
    22:1a:46:0a:a6:08:80:15:ed:c5:7e:0f:80:79:c1:
    0f:94:2b:38:3c:39:32:96:ec:e9:ae:85:be:37:9d:
    9b:eb:47:4a:bf:18:0e:15:cb:22:62:27:ea:b8:b6:
    05:4b:71:70:2d:0d:31:93:49:43:ae:22:ad:e4:d1:
    01:9e:00:36:e8:67:ab:67:b2:71:13:f6:5c:af:09:
    da:30:f5:10:e7:c8:a7:c4:0c:49:80:f1:5f:b2:98:
    fb:2a:0f:51:d3:36:8c:6e:0c:eb:8f:5e:26:fe:8e:
    65:6f:e4:83:1b:87:fd:04:3d:c9:36:ea:2d:08:a4:
    74:9a:0a:00:a4:93:88:85:93:96:22:86:8d:0a:39:
    c3:95:4e:b2:34:68:8b:53:88:3a:8e:9d:1d:db:a3:
    23:df:a0:f1:df:ac:9d:c5:43:e4:54:48:66:ef:2d:
    60:d7:28:50:de:30:e7:fa:98:1d:ac:a3:c3:8f:f8:
    ba:57:b2:2f:3c:4e:7b:05:70:f5:39:69:09:87:79:
    b5:99:fa:e9:03:ab:6e:24:36:8a:91:23:ac:78:e3:
    a9:e0:b9:cf:ff:ae:96:6b:22:02:51:2f:cc:cb:77:
    69
prime1:
    00:f7:8e:48:4c:75:5f:5c:aa:d4:69:19:b9:8c:73:
    1f:1a:31:59:ca:3e:d5:cd:8a:75:fc:21:ef:dd:77:
    81:59:74:93:00:77:8b:4f:d2:18:be:51:46:67:a6:
    67:2f:92:1f:f1:30:9a:cc:5b:2e:d8:10:b8:6a:d2:
    c5:81:4f:27:0a:84:22:7e:97:4d:d8:ea:fa:fb:30:
    81:82:84:5d:92:9f:71:70:d4:a3:e2:ca:3b:14:82:
    73:4a:77:4e:0d:9f:9f:62:5b:16:bb:36:22:34:39:
    2b:d3:ad:94:9b:95:d8:29:21:5b:77:27:74:f6:e9:
    0d:28:2b:67:e9:fb:3f:e3:47
prime2:
    00:c3:69:09:13:4e:34:d1:7e:d2:65:f4:45:41:db:
    b8:1e:20:9e:d0:ae:ba:ef:fb:bc:85:41:5e:e5:87:
    24:03:a6:41:4d:ed:9a:3f:2d:63:43:43:ee:ed:d8:
    92:8d:49:3e:d6:cc:e1:f6:3f:cc:f1:49:28:bc:92:
    3a:21:ef:39:89:6c:d9:21:f6:58:9e:15:95:17:4b:
    4d:99:e3:7c:c7:0f:c3:e5:8c:f1:68:49:af:f2:a3:
    ed:b4:72:77:64:03:8e:09:21:4f:cb:83:b0:ea:d4:
    54:e7:59:c9:e7:34:5a:eb:2d:a8:00:53:aa:81:6c:
    d5:cc:94:d4:a8:4b:16:84:6d
exponent1:
    1f:2c:a6:c4:22:1f:c1:2e:ae:13:12:2f:40:95:9a:
    bc:14:ac:e7:00:24:b2:7e:96:3f:0b:13:06:c3:ae:
    e1:52:01:d5:14:38:d1:f3:76:34:39:4d:f1:6d:8e:
    1e:fa:7a:d5:47:b6:a6:b7:70:dd:ba:b5:4e:96:7e:
    52:bb:62:02:3c:03:90:07:83:c1:26:4e:36:e5:b3:
    d9:78:cb:c3:d4:1a:58:08:1f:1f:47:32:4b:71:e6:
    0c:e1:9b:4d:b1:e5:43:60:8f:2b:42:34:ea:78:ac:
    a1:3a:81:b5:5a:18:5f:8d:98:d4:17:7e:ee:3d:08:
    f0:1f:0f:35:f2:f2:e7:af
exponent2:
    00:a0:3e:8f:39:ac:a5:75:b2:a9:79:00:22:97:4a:
    46:27:36:9a:e6:08:93:b5:de:db:0e:ef:b7:91:44:
    0c:4d:8d:d5:f9:c0:c1:ff:d3:09:96:8c:ab:ef:91:
    ed:44:3d:6f:71:98:5c:28:a2:d3:3e:7e:bf:10:3c:
    5d:bd:9c:3e:b3:aa:76:38:fa:9a:5b:30:d9:ad:5b:
    8c:4c:89:17:b6:e9:ff:bc:4b:a3:5f:e1:25:8f:35:
    cc:e5:70:04:e6:18:60:2e:ae:89:90:1b:f3:45:ef:
    4f:9c:d4:ad:d4:92:c3:88:1e:4d:a9:ce:f2:80:e6:
    2e:41:71:3f:1e:af:4c:cc:d5
coefficient:
    00:b6:a6:7d:20:d2:5b:9e:88:a6:96:ba:55:72:35:
    f9:31:71:3b:9d:da:63:72:ff:f9:34:1f:7b:ad:38:
    ee:0b:d1:9c:0a:9b:53:53:e1:ab:b9:f0:dd:55:c4:
    8b:b2:54:3f:0e:49:f7:03:80:69:55:65:6a:8c:ff:
    6a:e2:c8:85:59:fd:46:00:9b:27:25:c6:ab:05:96:
    d1:65:8d:72:dc:ff:0c:a1:be:f2:5f:df:dc:96:72:
    8c:df:df:2d:5f:8e:81:77:22:48:03:bc:9f:fd:f9:
    ca:0c:79:14:52:1a:24:c5:2c:a5:74:80:55:ef:95:
    f3:29:0e:41:02:79:5a:15:03

Read More about RSA algorithm at How RSA works .

Default image
neotam
Naveen T aka neotam. Programming language agnostic, Software architect, Python expert, Networking & DevOps engineer & consultant with 7+ years of experience in creating serious web applications, real time event-driven non blocking applications and database driven applications ranging from small scale to enterprise grade. website
Leave a Reply