159191Skris=pod 259191Skris 359191Skris=head1 NAME 459191Skris 559191Skrisgenrsa - generate an RSA private key 659191Skris 759191Skris=head1 SYNOPSIS 859191Skris 959191SkrisB<openssl> B<genrsa> 1059191Skris[B<-out filename>] 1159191Skris[B<-passout arg>] 12269686Sjkim[B<-aes128>] 13269686Sjkim[B<-aes128>] 14269686Sjkim[B<-aes192>] 15269686Sjkim[B<-aes256>] 16269686Sjkim[B<-camellia128>] 17269686Sjkim[B<-camellia192>] 18269686Sjkim[B<-camellia256>] 19269686Sjkim[B<-aes192>] 20269686Sjkim[B<-aes256>] 21269686Sjkim[B<-camellia128>] 22269686Sjkim[B<-camellia192>] 23269686Sjkim[B<-camellia256>] 2459191Skris[B<-des>] 2559191Skris[B<-des3>] 2659191Skris[B<-idea>] 2759191Skris[B<-f4>] 2859191Skris[B<-3>] 2959191Skris[B<-rand file(s)>] 30111147Snectar[B<-engine id>] 3159191Skris[B<numbits>] 3259191Skris 3359191Skris=head1 DESCRIPTION 3459191Skris 3559191SkrisThe B<genrsa> command generates an RSA private key. 3659191Skris 3759191Skris=head1 OPTIONS 3859191Skris 3959191Skris=over 4 4059191Skris 4159191Skris=item B<-out filename> 4259191Skris 4359191Skristhe output filename. If this argument is not specified then standard output is 4459191Skrisused. 4559191Skris 4659191Skris=item B<-passout arg> 4759191Skris 4859191Skristhe output file password source. For more information about the format of B<arg> 4959191Skrissee the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 5059191Skris 51269686Sjkim=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> 5259191Skris 53269686SjkimThese options encrypt the private key with specified 54269686Sjkimcipher before outputting it. If none of these options is 5559191Skrisspecified no encryption is used. If encryption is used a pass phrase is prompted 5659191Skrisfor if it is not supplied via the B<-passout> argument. 5759191Skris 5859191Skris=item B<-F4|-3> 5959191Skris 6059191Skristhe public exponent to use, either 65537 or 3. The default is 65537. 6159191Skris 6259191Skris=item B<-rand file(s)> 6359191Skris 6459191Skrisa file or files containing random data used to seed the random number 6559191Skrisgenerator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 6659191SkrisMultiple files can be specified separated by a OS-dependent character. 6768651SkrisThe separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 6859191Skrisall others. 6959191Skris 70111147Snectar=item B<-engine id> 71111147Snectar 72238405Sjkimspecifying an engine (by its unique B<id> string) will cause B<genrsa> 73111147Snectarto attempt to obtain a functional reference to the specified engine, 74111147Snectarthus initialising it if needed. The engine will then be set as the default 75111147Snectarfor all available algorithms. 76111147Snectar 7759191Skris=item B<numbits> 7859191Skris 7959191Skristhe size of the private key to generate in bits. This must be the last option 8059191Skrisspecified. The default is 512. 8159191Skris 8259191Skris=back 8359191Skris 8459191Skris=head1 NOTES 8559191Skris 8659191SkrisRSA private key generation essentially involves the generation of two prime 8759191Skrisnumbers. When generating a private key various symbols will be output to 8859191Skrisindicate the progress of the generation. A B<.> represents each number which 8959191Skrishas passed an initial sieve test, B<+> means a number has passed a single 9059191Skrisround of the Miller-Rabin primality test. A newline means that the number has 9159191Skrispassed all the prime tests (the actual number depends on the key size). 9259191Skris 9359191SkrisBecause key generation is a random process the time taken to generate a key 9459191Skrismay vary somewhat. 9559191Skris 9659191Skris=head1 BUGS 9759191Skris 9859191SkrisA quirk of the prime generation algorithm is that it cannot generate small 9959191Skrisprimes. Therefore the number of bits should not be less that 64. For typical 10059191Skrisprivate keys this will not matter because for security reasons they will 10159191Skrisbe much larger (typically 1024 bits). 10259191Skris 10359191Skris=head1 SEE ALSO 10459191Skris 10559191SkrisL<gendsa(1)|gendsa(1)> 10659191Skris 10759191Skris=cut 10859191Skris 109