Cryptography Tutorials - Herong's Tutorial Notes
Dr. Herong Yang, Version 4.00

OpenSSL - Generating RSA Private and Public Keys


(Continued from previous part...)

Encrypting RSA Keys

Since RSA keys contain a private key, which should not be shared with anyone else, it's strongly recommended to store the RSA keys in an encrypted form, protected with a password.

Here is how to use OpenSSL to generate an RSA key pair and encrypt it with the DES3 algorithm:

>openssl genrsa -des3 -out herong_rsa.key
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
...............................................+++
................................................................+++
e is 65537 (0x10001)
Enter pass phrase for user.key: mykey
Verifying - Enter pass phrase for user.key: mykey

>type herong_rsa.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,61523E68F580569D

MC5FNOEYflddyBF2orcTtzHSUpzrevcxZpbUU827hdmgDEoZKg54VVd9xGnxnodm
hq1LSenM1AxWO5Bzzmxr3WCiz94xPxNSUd/1f9eonaVZT7CaVzn533lj3G26uvtO
OyNXyBcb/kUGHXeCeGU322lB1p8gShOC/P9ip/wQvlR2yaSQGc4xKwON7O4dAvtM
rfoV0YJNCiK/tbK/5YBykMTYBsIAqJRmKKyAILd38dd0/lDTmLDxn2SEmMmuGjTC
yYEXZfW1PJn+gELSD1xysQ58wVtBXvdbQWG0RJYukseLurZABSyz4Lvg8fUboBAJ
42DFO101aaCWR/uuZefNPbPzBWrdh2w+ptqxWTKTOTYoqgrW15VdRE/4YH1N8R8a
wbzOS1oDbiRWH2WXcJ+E1dxh4UEoGuNkCV8W3nmVTvE=
-----END RSA PRIVATE KEY-----

Perfect. The extra parameter "-des3" makes the "genrsa" command generate a key pair and encrypt it immediately with the DES-EDE3-CBC algorithm.

The above command is good for encrypting the key pair at the time of generation. How about encrypting a key pair that was generated previously? This can be done with the "rsa" command:

>openssl genrsa -out herong_rsa.key
Loading 'screen' into random state - done
Generating RSA private key, 512 bit long modulus
....++++++++++++
.++++++++++++
e is 65537 (0x10001)

>type herong_rsa.key
-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAKnmGcbuiAGG2XKek5LbVwF7AoT8HuNXXip7KyWevbrFlSxJWSjf
pmeGJo7/Nsw6hFwor28RyAy1wsW5BNYOXdECAwEAAQJAQsEsI6OZQLBRQ93Wsf8I
goZoiQPexwiO8TYPz+o9NeLELOzhYHiKuzOO5c2oVYXTSgM9IMCCo35fkzOlTdyj
oQIhANe/bnRWtO+7gSbcqmINtFW12pbkgzQ+SlQxp7HSNL3FAiEAyZjTrFGKlG9k
Ub4EcNFkWjIzOM/vHifYdmB/ZO9ZzJ0CIHEnEYMqxpLFQKNlMGdk0KPzUMW666VG
1iz6Lf1xRgARAiEAplhZiR27iKGlmKF/TowpDxfPFjjVaP+d6IfVdrbdVS0CIQCY
OHLGbU3QZn2VjSUH/BF4kP7cEPDngxbYiZ2+f2D77Q==
-----END RSA PRIVATE KEY-----

>openssl rsa -in herong_rsa.key -des -out herong_rsa_des.key
writing RSA key
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

>type herong_rsa_des.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,C386818044590B20

10JtM182aDIEMcGLGHXC51woLVdcsYWAAp0tCI1NKJRy/ZBKQLs7gzgGD9ZFBA3D
eZ0W7CVT226yDNSAq/3G+st1cR3kfFmxO3cfT8DHKV4zJVLSRrKfklURp0SdfaB6
LLpbdz9OSwxYphVTBTQAaeLYBipZhyV5BJZeQH40b5S3SclHid5Bn3SaxmFIgRCp
X07GQkiVU+KLhW4Q2v7uV7qU/dlym7WAsxlw4vEw9EhLw2RTPGEC0IaTzPtgWnsE
wQcvS0gDg5C8sP/rpHdQcZFCqpt4+n9M/p1Ciz1d0DNYRefvZnmf9w/z02oT3KY+
nJxrL6kh2kYVUOQKSwlA4Swtt4lPy6gimg+1xG96+BnrG803FYQ23rlusCThg+yw
lHpltupnF9YW38dParIlLsxMxFRhRc8qNZSAwnBHP78=
-----END RSA PRIVATE KEY-----
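
The "Proc-Type" and "DEK-Info" header lines in the key files above record whether the private key is encrypted and with which cipher and IV. The following Python code is an added example, not part of the original tutorial: it parses those headers and flags a key stored unencrypted or encrypted with single DES. The names inspect_rsa_pem and sample, the placeholder key body and the weak-cipher policy are assumptions of this example.

```python
import re

# IV length in bytes (the cipher block size) for common DEK-Info cipher names.
IV_BYTES = {"DES-CBC": 8, "DES-EDE3-CBC": 8, "AES-128-CBC": 16, "AES-256-CBC": 16}
# Policy assumption of this example: single DES (56-bit key) is flagged.
WEAK_CIPHERS = {"DES-CBC"}
PEM_RE = re.compile(
    r"-----BEGIN RSA PRIVATE KEY-----\r?\n(.*?)-----END RSA PRIVATE KEY-----",
    re.DOTALL)


def inspect_rsa_pem(text):
    """Report how a traditional-format RSA private key file is protected."""
    match = PEM_RE.search(text)
    if not match:
        raise ValueError("no RSA PRIVATE KEY block found")
    headers = {}
    for line in match.group(1).splitlines():
        if ":" not in line:  # blank line or base64 body: headers are over
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return {"encrypted": False, "cipher": None, "iv": None,
                "findings": ["private key is stored unencrypted"]}
    cipher, _, iv_hex = headers.get("DEK-Info", "").partition(",")
    findings = []
    if cipher not in IV_BYTES:
        findings.append("unrecognized cipher: %r" % cipher)
    elif (len(iv_hex) != 2 * IV_BYTES[cipher]
          or re.fullmatch(r"[0-9A-Fa-f]+", iv_hex) is None):
        findings.append("IV is not %d hex-encoded bytes" % IV_BYTES[cipher])
    if cipher in WEAK_CIPHERS:
        findings.append("%s uses a 56-bit key" % cipher)
    return {"encrypted": True, "cipher": cipher, "iv": iv_hex, "findings": findings}


def sample(*header_lines):
    # Constructed input: header lines as shown on this page, placeholder body.
    return "\n".join(["-----BEGIN RSA PRIVATE KEY-----", *header_lines,
                      "QUJDREVGRw==", "-----END RSA PRIVATE KEY-----", ""])


DES3_SAMPLE = sample("Proc-Type: 4,ENCRYPTED", "DEK-Info: DES-EDE3-CBC,61523E68F580569D", "")
DES_SAMPLE = sample("Proc-Type: 4,ENCRYPTED", "DEK-Info: DES-CBC,C386818044590B20", "")
PLAIN_SAMPLE = sample()

if __name__ == "__main__":
    for label, pem in [("des3", DES3_SAMPLE), ("des", DES_SAMPLE), ("plain", PLAIN_SAMPLE)]:
        print(label, inspect_rsa_pem(pem))
```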

Conclusion

We have learned two commands here: genrsa and rsa. They can be used to generate, view and encrypt RSA key pairs.


Dr. Herong Yang, updated in 2007