genrsa.pod revision 279265
1=pod 2 3=head1 NAME 4 5genrsa - generate an RSA private key 6 7=head1 SYNOPSIS 8 9B<openssl> B<genrsa> 10[B<-out filename>] 11[B<-passout arg>] 12[B<-aes128>] 13[B<-aes128>] 14[B<-aes192>] 15[B<-aes256>] 16[B<-camellia128>] 17[B<-camellia192>] 18[B<-camellia256>] 19[B<-aes192>] 20[B<-aes256>] 21[B<-camellia128>] 22[B<-camellia192>] 23[B<-camellia256>] 24[B<-des>] 25[B<-des3>] 26[B<-idea>] 27[B<-f4>] 28[B<-3>] 29[B<-rand file(s)>] 30[B<-engine id>] 31[B<numbits>] 32 33=head1 DESCRIPTION 34 35The B<genrsa> command generates an RSA private key. 36 37=head1 OPTIONS 38 39=over 4 40 41=item B<-out filename> 42 43the output filename. If this argument is not specified then standard output is 44used. 45 46=item B<-passout arg> 47 48the output file password source. For more information about the format of B<arg> 49see the B<PASS PHRASE ARGUMENTS> section in L<openssl(1)|openssl(1)>. 50 51=item B<-aes128|-aes192|-aes256|-camellia128|-camellia192|-camellia256|-des|-des3|-idea> 52 53These options encrypt the private key with specified 54cipher before outputting it. If none of these options is 55specified no encryption is used. If encryption is used a pass phrase is prompted 56for if it is not supplied via the B<-passout> argument. 57 58=item B<-F4|-3> 59 60the public exponent to use, either 65537 or 3. The default is 65537. 61 62=item B<-rand file(s)> 63 64a file or files containing random data used to seed the random number 65generator, or an EGD socket (see L<RAND_egd(3)|RAND_egd(3)>). 66Multiple files can be specified separated by a OS-dependent character. 67The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for 68all others. 69 70=item B<-engine id> 71 72specifying an engine (by it's unique B<id> string) will cause B<req> 73to attempt to obtain a functional reference to the specified engine, 74thus initialising it if needed. The engine will then be set as the default 75for all available algorithms. 76 77=item B<numbits> 78 79the size of the private key to generate in bits. This must be the last option 80specified. The default is 512. 81 82=back 83 84=head1 NOTES 85 86RSA private key generation essentially involves the generation of two prime 87numbers. When generating a private key various symbols will be output to 88indicate the progress of the generation. A B<.> represents each number which 89has passed an initial sieve test, B<+> means a number has passed a single 90round of the Miller-Rabin primality test. A newline means that the number has 91passed all the prime tests (the actual number depends on the key size). 92 93Because key generation is a random process the time taken to generate a key 94may vary somewhat. 95 96=head1 BUGS 97 98A quirk of the prime generation algorithm is that it cannot generate small 99primes. Therefore the number of bits should not be less that 64. For typical 100private keys this will not matter because for security reasons they will 101be much larger (typically 1024 bits). 102 103=head1 SEE ALSO 104 105L<gendsa(1)|gendsa(1)> 106 107=cut 108 109