{
    "content": [
        {
            "type": "text",
            "text": "# rsa (info)\n\n## NAME\n\nasn1parse, ca, ciphers, cms, crl, crl2pkcs7, dgst, dhparam, dsa, dsaparam, ec, ecparam, enc, engine, errstr, gendsa, genpkey, genrsa, info, kdf, mac, nseq, ocsp, passwd, pkcs12, pkcs7, pkcs8, pkey, pkeyparam, pkeyutl, prime, rand, rehash, req, rsa, rsautl, sclient, sserver, stime, sessid, smime, speed, spkac, srp, storeutl, ts, verify, version, x509 - OpenSSL application commands\n\n## SYNOPSIS\n\nopenssl cmd -help | [-option | -option arg] ... [arg] ...\n\n## DESCRIPTION\n\nThe RSA keytype is implemented in OpenSSL's default and FIPS providers.\nThat implementation supports the basic RSA keys, containing the modulus\nn, the public exponent e, the private exponent d, and a collection of\nprime factors, exponents and coefficient for CRT calculations, of which\nthe first few are known as p and q, dP and dQ, and qInv.\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **OPTIONS** (1 subsections)\n- **SEE ALSO**\n- **HISTORY**\n- **COPYRIGHT**\n- **CONFORMING TO**\n- **EXAMPLES**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n"
        }
    ],
    "structuredContent": {
        "command": "rsa",
        "section": "",
        "mode": "info",
        "summary": "asn1parse, ca, ciphers, cms, crl, crl2pkcs7, dgst, dhparam, dsa, dsaparam, ec, ecparam, enc, engine, errstr, gendsa, genpkey, genrsa, info, kdf, mac, nseq, ocsp, passwd, pkcs12, pkcs7, pkcs8, pkey, pkeyparam, pkeyutl, prime, rand, rehash, req, rsa, rsautl, sclient, sserver, stime, sessid, smime, speed, spkac, srp, storeutl, ts, verify, version, x509 - OpenSSL application commands",
        "synopsis": "openssl cmd -help | [-option | -option arg] ... [arg] ...",
        "tldr_summary": null,
        "tldr_examples": [],
        "tldr_source": null,
        "flags": [
            {
                "flag": "",
                "long": null,
                "arg": null,
                "description": "Print out a usage message for the subcommand."
            }
        ],
        "examples": [
            "An EVPPKEY context can be obtained by calling:",
            "EVPPKEYCTX *pctx =",
            "EVPPKEYCTXnewfromname(NULL, \"RSA\", NULL);",
            "An RSA key can be generated simply like this:",
            "pkey = EVPRSAgen(4096);",
            "or like this:",
            "EVPPKEY *pkey = NULL;",
            "EVPPKEYCTX *pctx =",
            "EVPPKEYCTXnewfromname(NULL, \"RSA\", NULL);",
            "EVPPKEYkeygeninit(pctx);",
            "EVPPKEYgenerate(pctx, &pkey);",
            "EVPPKEYCTXfree(pctx);",
            "An RSA key can be generated with key generation parameters:",
            "unsigned int primes = 3;",
            "unsigned int bits = 4096;",
            "OSSLPARAM params[3];",
            "EVPPKEY *pkey = NULL;",
            "EVPPKEYCTX *pctx = EVPPKEYCTXnewfromname(NULL, \"RSA\", NULL);",
            "EVPPKEYkeygeninit(pctx);",
            "params[0] = OSSLPARAMconstructuint(\"bits\", &bits);",
            "params[1] = OSSLPARAMconstructuint(\"primes\", &primes);",
            "params[2] = OSSLPARAMconstructend();",
            "EVPPKEYCTXsetparams(pctx, params);",
            "EVPPKEYgenerate(pctx, &pkey);",
            "EVPPKEYprintprivate(bioout, pkey, 0, NULL);",
            "EVPPKEYCTXfree(pctx);"
        ],
        "see_also": [
            {
                "name": "openssl",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl/1/json"
            },
            {
                "name": "openssl-asn1parse",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-asn1parse/1/json"
            },
            {
                "name": "openssl-ca",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-ca/1/json"
            },
            {
                "name": "openssl-ciphers",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-ciphers/1/json"
            },
            {
                "name": "openssl-cms",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-cms/1/json"
            },
            {
                "name": "openssl-crl",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-crl/1/json"
            },
            {
                "name": "openssl-crl2pkcs7",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-crl2pkcs7/1/json"
            },
            {
                "name": "openssl-dgst",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-dgst/1/json"
            },
            {
                "name": "openssl-dhparam",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-dhparam/1/json"
            },
            {
                "name": "openssl-dsa",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-dsa/1/json"
            },
            {
                "name": "openssl-dsaparam",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-dsaparam/1/json"
            },
            {
                "name": "openssl-ec",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-ec/1/json"
            },
            {
                "name": "openssl-ecparam",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-ecparam/1/json"
            },
            {
                "name": "openssl-enc",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-enc/1/json"
            },
            {
                "name": "openssl-engine",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-engine/1/json"
            },
            {
                "name": "openssl-errstr",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-errstr/1/json"
            },
            {
                "name": "openssl-gendsa",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-gendsa/1/json"
            },
            {
                "name": "openssl-genpkey",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-genpkey/1/json"
            },
            {
                "name": "openssl-genrsa",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-genrsa/1/json"
            },
            {
                "name": "openssl-info",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-info/1/json"
            },
            {
                "name": "openssl-kdf",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-kdf/1/json"
            },
            {
                "name": "openssl-mac",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-mac/1/json"
            },
            {
                "name": "openssl-nseq",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-nseq/1/json"
            },
            {
                "name": "openssl-ocsp",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-ocsp/1/json"
            },
            {
                "name": "openssl-passwd",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-passwd/1/json"
            },
            {
                "name": "openssl-pkcs12",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-pkcs12/1/json"
            },
            {
                "name": "openssl-pkcs7",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-pkcs7/1/json"
            },
            {
                "name": "openssl-pkcs8",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-pkcs8/1/json"
            },
            {
                "name": "openssl-pkey",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-pkey/1/json"
            },
            {
                "name": "openssl-pkeyparam",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-pkeyparam/1/json"
            },
            {
                "name": "openssl-pkeyutl",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-pkeyutl/1/json"
            },
            {
                "name": "openssl-prime",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-prime/1/json"
            },
            {
                "name": "openssl-rand",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-rand/1/json"
            },
            {
                "name": "openssl-rehash",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-rehash/1/json"
            },
            {
                "name": "openssl-req",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-req/1/json"
            },
            {
                "name": "openssl-rsa",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-rsa/1/json"
            },
            {
                "name": "openssl-rsautl",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-rsautl/1/json"
            },
            {
                "name": "openssl-sclient",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-sclient/1/json"
            },
            {
                "name": "openssl-sserver",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-sserver/1/json"
            },
            {
                "name": "openssl-stime",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-stime/1/json"
            },
            {
                "name": "openssl-sessid",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-sessid/1/json"
            },
            {
                "name": "openssl-smime",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-smime/1/json"
            },
            {
                "name": "openssl-speed",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-speed/1/json"
            },
            {
                "name": "openssl-spkac",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-spkac/1/json"
            },
            {
                "name": "openssl-srp",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-srp/1/json"
            },
            {
                "name": "openssl-storeutl",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-storeutl/1/json"
            },
            {
                "name": "openssl-ts",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-ts/1/json"
            },
            {
                "name": "openssl-verify",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-verify/1/json"
            },
            {
                "name": "openssl-version",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-version/1/json"
            },
            {
                "name": "openssl-x509",
                "section": "1",
                "url": "https://www.chedong.com/phpMan.php/man/openssl-x509/1/json"
            }
        ],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "SYNOPSIS",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 117,
                "subsections": []
            },
            {
                "name": "OPTIONS",
                "lines": 2,
                "subsections": [
                    {
                        "name": "-help",
                        "lines": 2
                    }
                ]
            },
            {
                "name": "SEE ALSO",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "HISTORY",
                "lines": 9,
                "subsections": []
            },
            {
                "name": "COPYRIGHT",
                "lines": 8,
                "subsections": []
            },
            {
                "name": "CONFORMING TO",
                "lines": 6,
                "subsections": []
            },
            {
                "name": "EXAMPLES",
                "lines": 38,
                "subsections": []
            }
        ],
        "sections": {
            "NAME": {
                "content": "EVPPKEY-RSA, EVPKEYMGMT-RSA, RSA - EVPPKEY RSA keytype and algorithm\nsupport\n",
                "subsections": []
            },
            "SYNOPSIS": {
                "content": "openssl cmd -help | [-option | -option arg] ... [arg] ...\n",
                "subsections": []
            },
            "DESCRIPTION": {
                "content": "The RSA keytype is implemented in OpenSSL's default and FIPS providers.\nThat implementation supports the basic RSA keys, containing the modulus\nn, the public exponent e, the private exponent d, and a collection of\nprime factors, exponents and coefficient for CRT calculations, of which\nthe first few are known as p and q, dP and dQ, and qInv.\n\nCommon RSA parameters\nIn addition to the common parameters that all keytypes should support\n(see \"Common parameters\" in provider-keymgmt(7)), the RSA keytype\nimplementation supports the following.\n\n\"n\" (OSSLPKEYPARAMRSAN) <unsigned integer>\nThe RSA \"n\" value.\n\n\"e\" (OSSLPKEYPARAMRSAE) <unsigned integer>\nThe RSA \"e\" value.\n\n\"d\" (OSSLPKEYPARAMRSAD) <unsigned integer>\nThe RSA \"d\" value.\n\n\"rsa-factor1\" (OSSLPKEYPARAMRSAFACTOR1) <unsigned integer>\n\"rsa-factor2\" (OSSLPKEYPARAMRSAFACTOR2) <unsigned integer>\n\"rsa-factor3\" (OSSLPKEYPARAMRSAFACTOR3) <unsigned integer>\n\"rsa-factor4\" (OSSLPKEYPARAMRSAFACTOR4) <unsigned integer>\n\"rsa-factor5\" (OSSLPKEYPARAMRSAFACTOR5) <unsigned integer>\n\"rsa-factor6\" (OSSLPKEYPARAMRSAFACTOR6) <unsigned integer>\n\"rsa-factor7\" (OSSLPKEYPARAMRSAFACTOR7) <unsigned integer>\n\"rsa-factor8\" (OSSLPKEYPARAMRSAFACTOR8) <unsigned integer>\n\"rsa-factor9\" (OSSLPKEYPARAMRSAFACTOR9) <unsigned integer>\n\"rsa-factor10\" (OSSLPKEYPARAMRSAFACTOR10) <unsigned integer>\nRSA prime factors. The factors are known as \"p\", \"q\" and \"ri\" in\nRFC8017.  Up to eight additional \"ri\" prime factors are supported.\n\n\"rsa-exponent1\" (OSSLPKEYPARAMRSAEXPONENT1) <unsigned integer>\n\"rsa-exponent2\" (OSSLPKEYPARAMRSAEXPONENT2) <unsigned integer>\n\"rsa-exponent3\" (OSSLPKEYPARAMRSAEXPONENT3) <unsigned integer>\n\"rsa-exponent4\" (OSSLPKEYPARAMRSAEXPONENT4) <unsigned integer>\n\"rsa-exponent5\" (OSSLPKEYPARAMRSAEXPONENT5) <unsigned integer>\n\"rsa-exponent6\" (OSSLPKEYPARAMRSAEXPONENT6) <unsigned integer>\n\"rsa-exponent7\" (OSSLPKEYPARAMRSAEXPONENT7) <unsigned integer>\n\"rsa-exponent8\" (OSSLPKEYPARAMRSAEXPONENT8) <unsigned integer>\n\"rsa-exponent9\" (OSSLPKEYPARAMRSAEXPONENT9) <unsigned integer>\n\"rsa-exponent10\" (OSSLPKEYPARAMRSAEXPONENT10) <unsigned integer>\nRSA CRT (Chinese Remainder Theorem) exponents. The exponents are\nknown as \"dP\", \"dQ\" and \"di in RFC8017\".  Up to eight additional\n\"di\" exponents are supported.\n\n\"rsa-coefficient1\" (OSSLPKEYPARAMRSACOEFFICIENT1) <unsigned\ninteger>\n\"rsa-coefficient2\" (OSSLPKEYPARAMRSACOEFFICIENT2) <unsigned\ninteger>\n\"rsa-coefficient3\" (OSSLPKEYPARAMRSACOEFFICIENT3) <unsigned\ninteger>\n\"rsa-coefficient4\" (OSSLPKEYPARAMRSACOEFFICIENT4) <unsigned\ninteger>\n\"rsa-coefficient5\" (OSSLPKEYPARAMRSACOEFFICIENT5) <unsigned\ninteger>\n\"rsa-coefficient6\" (OSSLPKEYPARAMRSACOEFFICIENT6) <unsigned\ninteger>\n\"rsa-coefficient7\" (OSSLPKEYPARAMRSACOEFFICIENT7) <unsigned\ninteger>\n\"rsa-coefficient8\" (OSSLPKEYPARAMRSACOEFFICIENT8) <unsigned\ninteger>\n\"rsa-coefficient9\" (OSSLPKEYPARAMRSACOEFFICIENT9) <unsigned\ninteger>\nRSA CRT (Chinese Remainder Theorem) coefficients. The coefficients\nare known as \"qInv\" and \"ti\".  Up to eight additional \"ti\"\nexponents are supported.\n\nRSA key generation parameters\nWhen generating RSA keys, the following key generation parameters may\nbe used.\n\n\"bits\" (OSSLPKEYPARAMRSABITS) <unsigned integer>\nThe value should be the cryptographic length for the RSA\ncryptosystem, in bits.\n\n\"primes\" (OSSLPKEYPARAMRSAPRIMES) <unsigned integer>\nThe value should be the number of primes for the generated RSA key.\nThe default is 2.  It isn't permitted to specify a larger number of\nprimes than 10.  Additionally, the number of primes is limited by\nthe length of the key being generated so the maximum number could\nbe less.  Some providers may only support a value of 2.\n\n\"e\" (OSSLPKEYPARAMRSAE) <unsigned integer>\nThe RSA \"e\" value. The value may be any odd number greater than or\nequal to 65537. The default value is 65537.  For legacy reasons a\nvalue of 3 is currently accepted but is deprecated.\n\nRSA key generation parameters for FIPS module testing\nWhen generating RSA keys, the following additional key generation\nparameters may be used for algorithm testing purposes only. Do not use\nthese to generate RSA keys for a production environment.\n\n\"xp\" (OSSLPKEYPARAMRSATESTXP) <unsigned integer>\n\"xq\" (OSSLPKEYPARAMRSATESTXQ) <unsigned integer>\nThese 2 fields are normally randomly generated and are used to\ngenerate \"p\" and \"q\".\n\n\"xp1\" (OSSLPKEYPARAMRSATESTXP1) <unsigned integer>\n\"xp2\" (OSSLPKEYPARAMRSATESTXP2) <unsigned integer>\n\"xq1\" (OSSLPKEYPARAMRSATESTXQ1) <unsigned integer>\n\"xq2\" (OSSLPKEYPARAMRSATESTXQ2) <unsigned integer>\nThese 4 fields are normally randomly generated. The prime factors\n\"p1\", \"p2\", \"q1\" and \"q2\" are determined from these values.\n\nRSA key parameters for FIPS module testing\nThe following intermediate values can be retrieved only if the values\nspecified in \"RSA key generation parameters for FIPS module testing\"\nare set.  These should not be accessed in a production environment.\n\n\"p1\" (OSSLPKEYPARAMRSATESTP1) <unsigned integer>\n\"p2\" (OSSLPKEYPARAMRSATESTP2) <unsigned integer>\n\"q1\" (OSSLPKEYPARAMRSATESTQ1) <unsigned integer>\n\"q2\" (OSSLPKEYPARAMRSATESTQ2) <unsigned integer>\nThe auxiliary probable primes.\n",
                "subsections": []
            },
            "OPTIONS": {
                "content": "Among others, every subcommand has a help option.\n",
                "subsections": [
                    {
                        "name": "-help",
                        "content": "Print out a usage message for the subcommand.\n"
                    }
                ]
            },
            "SEE ALSO": {
                "content": "EVPRSAgen(3), EVPKEYMGMT(3), EVPPKEY(3), provider-keymgmt(7)\n",
                "subsections": []
            },
            "HISTORY": {
                "content": "Initially, the manual page entry for the \"openssl cmd\" command used to\nbe available at cmd(1). Later, the alias openssl-cmd(1) was introduced,\nwhich made it easier to group the openssl commands using the apropos(1)\ncommand or the shell's tab completion.\n\nIn order to reduce cluttering of the global manual page namespace, the\nmanual page entries without the 'openssl-' prefix have been deprecated\nin OpenSSL 3.0 and will be removed in OpenSSL 4.0.\n",
                "subsections": []
            },
            "COPYRIGHT": {
                "content": "Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\").  You may not use\nthis file except in compliance with the License.  You can obtain a copy\nin the file LICENSE in the source distribution or at\n<https://www.openssl.org/source/license.html>.\n\n3.0.2                             2026-06-02                EVPPKEY-RSA(7SSL)",
                "subsections": []
            },
            "CONFORMING TO": {
                "content": "FIPS186-4\nSection B.3.6  Generation of Probable Primes with Conditions Based\non Auxiliary Probable Primes\n\nRFC 8017, excluding RSA-PSS and RSA-OAEP\n",
                "subsections": []
            },
            "EXAMPLES": {
                "content": "An EVPPKEY context can be obtained by calling:\n\nEVPPKEYCTX *pctx =\nEVPPKEYCTXnewfromname(NULL, \"RSA\", NULL);\n\nAn RSA key can be generated simply like this:\n\npkey = EVPRSAgen(4096);\n\nor like this:\n\nEVPPKEY *pkey = NULL;\nEVPPKEYCTX *pctx =\nEVPPKEYCTXnewfromname(NULL, \"RSA\", NULL);\n\nEVPPKEYkeygeninit(pctx);\nEVPPKEYgenerate(pctx, &pkey);\nEVPPKEYCTXfree(pctx);\n\nAn RSA key can be generated with key generation parameters:\n\nunsigned int primes = 3;\nunsigned int bits = 4096;\nOSSLPARAM params[3];\nEVPPKEY *pkey = NULL;\nEVPPKEYCTX *pctx = EVPPKEYCTXnewfromname(NULL, \"RSA\", NULL);\n\nEVPPKEYkeygeninit(pctx);\n\nparams[0] = OSSLPARAMconstructuint(\"bits\", &bits);\nparams[1] = OSSLPARAMconstructuint(\"primes\", &primes);\nparams[2] = OSSLPARAMconstructend();\nEVPPKEYCTXsetparams(pctx, params);\n\nEVPPKEYgenerate(pctx, &pkey);\nEVPPKEYprintprivate(bioout, pkey, 0, NULL);\nEVPPKEYCTXfree(pctx);\n",
                "subsections": []
            }
        }
    }
}