| 1 | <DRAFT!>
|
|---|
| 2 | HOWTO keys
|
|---|
| 3 |
|
|---|
| 4 | 1. Introduction
|
|---|
| 5 |
|
|---|
| 6 | Keys are the basis of public key algorithms and PKI. Keys usually
|
|---|
| 7 | come in pairs, with one half being the public key and the other half
|
|---|
| 8 | being the private key. With OpenSSL, the private key contains the
|
|---|
| 9 | public key information as well, so a public key doesn't need to be
|
|---|
| 10 | generated separately.
|
|---|
| 11 |
|
|---|
| 12 | Public keys come in several flavors, using different cryptographic
|
|---|
| 13 | algorithms. The most popular ones associated with certificates are
|
|---|
| 14 | RSA and DSA, and this HOWTO will show how to generate each of them.
|
|---|
| 15 |
|
|---|
| 16 |
|
|---|
| 17 | 2. To generate a RSA key
|
|---|
| 18 |
|
|---|
| 19 | A RSA key can be used both for encryption and for signing.
|
|---|
| 20 |
|
|---|
| 21 | Generating a key for the RSA algorithm is quite easy, all you have to
|
|---|
| 22 | do is the following:
|
|---|
| 23 |
|
|---|
| 24 | openssl genrsa -des3 -out privkey.pem 2048
|
|---|
| 25 |
|
|---|
| 26 | With this variant, you will be prompted for a protecting password. If
|
|---|
| 27 | you don't want your key to be protected by a password, remove the flag
|
|---|
| 28 | '-des3' from the command line above.
|
|---|
| 29 |
|
|---|
| 30 | The number 2048 is the size of the key, in bits. Today, 2048 or
|
|---|
| 31 | higher is recommended for RSA keys, as fewer amount of bits is
|
|---|
| 32 | consider insecure or to be insecure pretty soon.
|
|---|
| 33 |
|
|---|
| 34 |
|
|---|
| 35 | 3. To generate a DSA key
|
|---|
| 36 |
|
|---|
| 37 | A DSA key can be used for signing only. It is important to
|
|---|
| 38 | know what a certificate request with a DSA key can really be used for.
|
|---|
| 39 |
|
|---|
| 40 | Generating a key for the DSA algorithm is a two-step process. First,
|
|---|
| 41 | you have to generate parameters from which to generate the key:
|
|---|
| 42 |
|
|---|
| 43 | openssl dsaparam -out dsaparam.pem 2048
|
|---|
| 44 |
|
|---|
| 45 | The number 2048 is the size of the key, in bits. Today, 2048 or
|
|---|
| 46 | higher is recommended for DSA keys, as fewer amount of bits is
|
|---|
| 47 | consider insecure or to be insecure pretty soon.
|
|---|
| 48 |
|
|---|
| 49 | When that is done, you can generate a key using the parameters in
|
|---|
| 50 | question (actually, several keys can be generated from the same
|
|---|
| 51 | parameters):
|
|---|
| 52 |
|
|---|
| 53 | openssl gendsa -des3 -out privkey.pem dsaparam.pem
|
|---|
| 54 |
|
|---|
| 55 | With this variant, you will be prompted for a protecting password. If
|
|---|
| 56 | you don't want your key to be protected by a password, remove the flag
|
|---|
| 57 | '-des3' from the command line above.
|
|---|
| 58 |
|
|---|
| 59 |
|
|---|
| 60 | 4. To generate an EC key
|
|---|
| 61 |
|
|---|
| 62 | An EC key can be used both for key agreement (ECDH) and signing (ECDSA).
|
|---|
| 63 |
|
|---|
| 64 | Generating a key for ECC is similar to generating a DSA key. These are
|
|---|
| 65 | two-step processes. First, you have to get the EC parameters from which
|
|---|
| 66 | the key will be generated:
|
|---|
| 67 |
|
|---|
| 68 | openssl ecparam -name prime256v1 -out prime256v1.pem
|
|---|
| 69 |
|
|---|
| 70 | The prime256v1, or NIST P-256, which stands for 'X9.62/SECG curve over
|
|---|
| 71 | a 256-bit prime field', is the name of an elliptic curve which generates the
|
|---|
| 72 | parameters. You can use the following command to list all supported curves:
|
|---|
| 73 |
|
|---|
| 74 | openssl ecparam -list_curves
|
|---|
| 75 |
|
|---|
| 76 | When that is done, you can generate a key using the created parameters (several
|
|---|
| 77 | keys can be produced from the same parameters):
|
|---|
| 78 |
|
|---|
| 79 | openssl genpkey -des3 -paramfile prime256v1.pem -out private.key
|
|---|
| 80 |
|
|---|
| 81 | With this variant, you will be prompted for a password to protect your key.
|
|---|
| 82 | If you don't want your key to be protected by a password, remove the flag
|
|---|
| 83 | '-des3' from the command line above.
|
|---|
| 84 |
|
|---|
| 85 | You can also directly generate the key in one step:
|
|---|
| 86 |
|
|---|
| 87 | openssl ecparam -genkey -name prime256v1 -out private.key
|
|---|
| 88 |
|
|---|
| 89 | or
|
|---|
| 90 |
|
|---|
| 91 | openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256
|
|---|
| 92 |
|
|---|
| 93 |
|
|---|
| 94 | 5. NOTE
|
|---|
| 95 |
|
|---|
| 96 | If you intend to use the key together with a server certificate,
|
|---|
| 97 | it may be reasonable to avoid protecting it with a password, since
|
|---|
| 98 | otherwise someone would have to type in the password every time the
|
|---|
| 99 | server needs to access the key.
|
|---|
| 100 |
|
|---|
| 101 | For X25519 and X448, it's treated as a distinct algorithm but not as one of
|
|---|
| 102 | the curves listed with 'ecparam -list_curves' option. You can use
|
|---|
| 103 | the following command to generate an X25519 key:
|
|---|
| 104 |
|
|---|
| 105 | openssl genpkey -algorithm X25519 -out xkey.pem
|
|---|
