openssl genrsa
genrsa用于生成RSA私钥,不会生成公钥,因为公钥提取自私钥,如果需要查看公钥或生成公钥,可以使用openssl rsa命令。
使用man genrsa查询其用法。
openssl genrsa [-out filename] [-passout arg] [-des] [-des3] [-idea] [numbits] 选项说明: -out filename :将生成的私钥保存至filename文件,若未指定输出文件,则为标准输出。 -numbits :指定要生成的私钥的长度,默认为1024。该项必须为命令行的最后一项参数。 -des|-des3|-idea:指定加密私钥文件用的算法,这样每次使用私钥文件都将输入密码,太麻烦所以很少使用。 -passout args :加密私钥文件时,传递密码的格式,如果要加密私钥文件时单未指定该项,则提示输入密码。传递密码的args的格式见openssl密码格式。
例如:
(1).生成512位的rsa私钥,输出到屏幕。
[root@docker-01 ~]# openssl genrsa 512 Generating RSA private key, 512 bit long modulus ...++++++++++++ .............++++++++++++ e is 65537 (0x10001) -----BEGIN RSA PRIVATE KEY----- MIIBOgIBAAJBAK8qI3DboywLTrMqqcrEpNwU9TQM8INLIX2HSiqMmIWrX1xiTjB9 QmFodNn3Xi5hJiZnCN1nfNp4Hce38iF04DMCAwEAAQJAQ2NlwRxumRo8i8dFDUI7 3oOdlgnIWeqEluN+kAIJB5s0fNNFWjOxiYZBsDAxlsQgEUuSSIvSKcZENND3RcO5 2QIhAN0ksDPT5WuzJndcWReBxYUHXIgmNiah5yBW7rIdJIYHAiEAysYsBjj2y/TW OAf9wwOquBq/8JiB/8ShIl40GCgvqXUCIEARgAcT7dS9C3jrRVh9HWeEEXfUcj3R DDAfX3o03T8DAiB2RdTT5FH/cNWqZO7c2ryvGdsuqKXa24PpGe1k0bvLKQIhAMmT uDm54o4dsMxUzANonxlZxAvabrL6a7oYaEZGtLwQ -----END RSA PRIVATE KEY-----
(2).生成512位的rsa私钥,输出到指定的文件genrsa.txt。
[root@docker-01 ~]# openssl genrsa -out genrsa.txt 512 Generating RSA private key, 512 bit long modulus .............................++++++++++++ ..........++++++++++++ e is 65537 (0x10001) [root@docker-01 ~]# cat genrsa.txt -----BEGIN RSA PRIVATE KEY----- MIIBOwIBAAJBAMU42HQTdJ3NIXbd7+4tTf0iXmu2ZZwESpBp6STtIObLfVPjGAnz lhlbG3ji3ieqCWXcjRo+TAf+3ijvM+HTuuMCAwEAAQJBAKGiQAuJsmZtqsJvi+bo rGUMWNPwLYBbJ/0JP/Fqgi+DH6La0gMPAf3I1yG08bFI5zyHLVTk+XV891OeLznm RNECIQDrcyaVIWVXL2m+wuDUKwQGcWXJhQ/y3NwPEYls3eoMuwIhANZvimFuTR/P bwn8P3DRUM/2qzGC265JZ4ZcRHZJ9vv5AiEAsEhq3sU+RuSs27K0+qWqQditSRBj PIa4DGAo8GXGUvkCIGfqL6YdfLRwon+1RM0YMlBFWhqpLmocWlXLOsYT++OJAiBs uLgQ08Jc932/HToE6OOakF8YAd/yzfLzf63lWUBMag== -----END RSA PRIVATE KEY-----
(3).加密私钥文件,加密的密码为123456。
[root@docker-01 ~]# openssl genrsa -out genrsa.txt -des3 -passout pass:123456 512 Generating RSA private key, 512 bit long modulus .......++++++++++++ .....++++++++++++ e is 65537 (0x10001) [root@docker-01 ~]# cat genrsa.txt -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,1CB5A892A6896232 +VTzFTHkZPifuuJfKfJ9ThlQVSUtQhDlmYLLA2tEEO+tILqRJ2Si835DqYCW/Gma rMHI51riZfilT3GNp9HRdwLoGGtGPgtYA03pQQNC+zqqmpoBaHurRiI/ufm6J6uk Bm6Sagm970rvnT5KpRm9H8KDJDpx4XibUUHHvano0l15rr38Nk2dN3FPS8NBLw/V xW6MqhtUhQGlf88enULTYCwU+Qcx1eiuuRDrbEr9z3LRVRGNDhE6/xQMKTRjc4Zj vrbJpHHVPry5jXv0aeNAgxDYjlnVl7Y3xc43YGmR1W1SuLg9wkItLaeJxPig/bTZ sEmsNWone1rS4On4hBlAwj/nMj4SFFdw1w5cfwfljJ7FG26rJEaiL8SAlAUURbXh zIkfSJMtdqrOk+b0Ztu890j67NODwygzu7nD2EK6+6o= -----END RSA PRIVATE KEY----- [root@docker-01 ~]#
其实一般情况下能用到的选项也就"-out"和"numbits"