DEV Community: ABHIRAM P JAYAN The latest articles on DEV Community by ABHIRAM P JAYAN (@abhirampjayan). https://dev.to/abhirampjayan https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F378164%2F47798b8c-0508-4de5-b596-83acada87b25.png DEV Community: ABHIRAM P JAYAN https://dev.to/abhirampjayan en Generate RSA Keypair Using OpenSSL ABHIRAM P JAYAN Thu, 02 Sep 2021 14:23:42 +0000 https://dev.to/abhirampjayan/generate-rsa-keypair-using-openssl-h1o https://dev.to/abhirampjayan/generate-rsa-keypair-using-openssl-h1o <p>OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. OpenSSL is licensed under an Apache-style license, which basically means that you are free to get and use it for commercial and non-commercial purposes subject to some simple license conditions. OpenSSL can generate several kinds of public/private keypairs. <strong>RSA</strong> is the most common kind of keypair generation.<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--TrzQTePP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oymnlh9ofjpycqxp91t3.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--TrzQTePP--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/oymnlh9ofjpycqxp91t3.png" alt="Security Image"></a></p> <h2> Generate an RSA keypair with a 2048 bit private key </h2> <p>Execute command: <code>openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048</code> (previously <code>openssl genrsa -out private_key.pem 2048</code>)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl genpkey <span class="nt">-algorithm</span> RSA <span class="nt">-out</span> private_key.pem <span class="nt">-pkeyopt</span> rsa_keygen_bits:2048 </code></pre> </div> <blockquote> <p>Make sure to prevent other users from reading your key by executing <code>chmod go-r private_key.pem</code> afterward.</p> </blockquote> <h2> Extracting the public key from an RSA keypair </h2> <p>Execute command: <code>openssl rsa -pubout -in private_key.pem -out public_key.pem</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl rsa <span class="nt">-pubout</span> <span class="nt">-in</span> private_key.pem <span class="nt">-out</span> public_key.pem </code></pre> </div> <p>A new file is created, <code>public_key.pem</code>, with the public key.</p> <h2> OpenSSL Commands to Convert SSL Certificates on Your Machine </h2> <p>It is highly recommended that you convert to and from <code>.pfx</code> files on your own machine using OpenSSL so you can keep the private key there. Use the following OpenSSL commands to convert SSL certificate to different formats on your own machine:</p> <h3> OpenSSL Convert PEM </h3> <p><strong>Convert PEM to DER</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl x509 <span class="nt">-outform</span> der <span class="nt">-in</span> certificate.pem <span class="nt">-out</span> certificate.der </code></pre> </div> <p><strong>Convert PEM to P7B</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl crl2pkcs7 <span class="nt">-nocrl</span> <span class="nt">-certfile</span> certificate.cer <span class="nt">-out</span> certificate.p7b <span class="nt">-certfile</span> CACert.cer </code></pre> </div> <p><strong>Convert PEM to PFX</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl pkcs12 <span class="nt">-export</span> <span class="nt">-out</span> certificate.pfx <span class="nt">-inkey</span> privateKey.key <span class="nt">-in</span> certificate.crt <span class="nt">-certfile</span> CACert.crt </code></pre> </div> <h3> OpenSSL Convert DER </h3> <p><strong>Convert DER to PEM</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl x509 <span class="nt">-inform</span> der <span class="nt">-in</span> certificate.cer <span class="nt">-out</span> certificate.pem </code></pre> </div> <h3> OpenSSL Convert P7B </h3> <p><strong>Convert P7B to PEM</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl pkcs7 <span class="nt">-print_certs</span> <span class="nt">-in</span> certificate.p7b <span class="nt">-out</span> certificate.cer </code></pre> </div> <p><strong>Convert P7B to PFX</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl pkcs7 <span class="nt">-print_certs</span> <span class="nt">-in</span> certificate.p7b <span class="nt">-out</span> certificate.cer openssl pkcs12 <span class="nt">-export</span> <span class="nt">-in</span> certificate.cer <span class="nt">-inkey</span> privateKey.key <span class="nt">-out</span> certificate.pfx <span class="nt">-certfile</span> CACert.cer </code></pre> </div> <h3> OpenSSL Convert PFX </h3> <p><strong>Convert PFX to PEM</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>openssl pkcs12 <span class="nt">-in</span> certificate.pfx <span class="nt">-out</span> certificate.cer <span class="nt">-nodes</span> </code></pre> </div> rsa openssl keypairs cryptography