Public key cryptography uses private keys to decrypt messages and public keys to encrypt them. Generating a private key is the first step to creating a certificate signing request or a self-signed certificate. Most OpenSSL private key examples suggest creating an RSA private key:
$ openssl genrsa -out private.key 2048
This generates an RSA key, which is built on semiprimes (the product of similarly sized prime numbers). Elliptic curve (EC) algorithms are an alternative. With OpenSSL, the process requires creating a named parameter file before the private key can be generated.
$ openssl ecparam -out ec-param.pem -name prime256v1
$ openssl ecparam -in ec-param.pem -check -noout -text
ASN1 OID: prime256v1
checking elliptic curve parameters: ok
$ openssl ecparam -in ec-param.pem -genkey -out ec-private.key
$ cat ec-private.key
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIa2SkCuXClQOwCoS3uIgFnffXj4fWtJe02aLLPNJ077oAoGCCqGSM49AwEHoUQDQgAEzT8n1Wq/4NvY7uYpJ3cr5cjUG1lExgQSL/CoaLxnOYcsALQWU5ZiUVyhuE6cJr0yz6KTWv6lFAmVcY8nZ9kubw==
-----END EC PRIVATE KEY-----
The named curve "prime256v1" was selected as an example. To list all the available curves, run:
$ openssl ecparam -list_curves
The EC private key is a drop-in replacement in the common CSR and X.509 certificate generation commands:
$ openssl req -key ec-private.key -new -out ec-server.csr
$ openssl req -key ec-private.key -new -x509 -out ec-public.crt
$ openssl x509 -in ec-public.crt -noout -text
Very neat!
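The same steps as a non-interactive script, added here as an example that is not part of the original post: it generates the key from the parameter file, then confirms that the key, the CSR and the certificate all carry the same public key. The function names, the /CN=example.test subject and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the
# /CN=example.test subject and the temporary directory are assumptions.

# The post's steps in one function: write the parameter file, check it, then
# generate the key. -noout on the last step leaves the "EC PARAMETERS" block
# out of the key file; umask 077 keeps the key readable by its owner only.
gen_ec_key() {      # $1 = curve name, $2 = key file
    openssl ecparam -name "$1" -out "$2.param" &&
    openssl ecparam -in "$2.param" -check -noout >/dev/null 2>&1 &&
    ( umask 077 && openssl ecparam -in "$2.param" -genkey -noout -out "$2" )
}

# Print the named curve recorded in a private key.
key_curve() {       # $1 = key file
    openssl pkey -in "$1" -noout -text | sed -n 's/^ASN1 OID: //p'
}

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_pem() {      # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if key, CSR and certificate carry the same public key and the
# CSR's self-signature verifies.
same_keypair() {    # $1 = key, $2 = csr, $3 = crt
    k=$(pubkey_pem key "$1") && [ -n "$k" ] || return 1
    [ "$k" = "$(pubkey_pem csr "$2")" ] && [ "$k" = "$(pubkey_pem crt "$3")" ] &&
        openssl req -in "$2" -noout -verify >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    key=$dir/ec-private.key csr=$dir/ec-server.csr crt=$dir/ec-public.crt
    gen_ec_key prime256v1 "$key" &&
    openssl req -key "$key" -new -subj /CN=example.test -out "$csr" &&
    openssl req -key "$key" -new -x509 -subj /CN=example.test -out "$crt" &&
    same_keypair "$key" "$csr" "$crt" &&
    echo "curve=$(key_curve "$key"): key, CSR and certificate match"
    rc=$?; rm -rf "$dir"; return $rc
}
demo
```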
Your feedback is needed! If this post was helpful, incorrect or could be better, please comment below.
Also see my SSL-related posts:
SSL Management Tasks
SSL Management Tasks Revisited
Retrieve SSL certificates