{ "mode": "man", "parameter": "OPENSSL-GENRSA", "section": "1SSL", "url": "https://www.chedong.com/phpMan.php/man/OPENSSL-GENRSA/1SSL/json", "generated": "2026-06-16T06:17:44Z", "synopsis": "openssl genrsa [-help] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256]\n[-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3]\n[-idea] [-F4] [-f4] [-3] [-primes num] [-verbose] [-traditional] [-rand files] [-writerand\nfile] [-engine id] [-provider name] [-provider-path path] [-propquery propq] [numbits]", "sections": { "NAME": { "content": "openssl-genrsa - generate an RSA private key\n", "subsections": [] }, "SYNOPSIS": { "content": "openssl genrsa [-help] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256]\n[-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3]\n[-idea] [-F4] [-f4] [-3] [-primes num] [-verbose] [-traditional] [-rand files] [-writerand\nfile] [-engine id] [-provider name] [-provider-path path] [-propquery propq] [numbits]\n", "subsections": [] }, "DESCRIPTION": { "content": "This command has been deprecated. The openssl-genpkey(1) command should be used instead.\n\nThis command generates an RSA private key.\n", "subsections": [] }, "OPTIONS": { "content": "", "subsections": [ { "name": "-help", "content": "Print out a usage message.\n" }, { "name": "-out", "content": "Output the key to the specified file. If this argument is not specified then standard\noutput is used.\n" }, { "name": "-passout", "content": "The output file password source. For more information about the format see\nopenssl-passphrase-options(1).\n" }, { "name": "-aes128 -aes192 -aes256 -aria128 -aria192 -aria256 -camellia128 -camellia192", "content": "" }, { "name": "-camellia256 -des -des3 -idea", "content": "These options encrypt the private key with specified cipher before outputting it. If none\nof these options is specified no encryption is used. If encryption is used a pass phrase\nis prompted for if it is not supplied via the -passout argument.\n" }, { "name": "-F4 -f4 -3", "content": "The public exponent to use, either 65537 or 3. The default is 65537. The -3 option has\nbeen deprecated.\n", "flag": "-3" }, { "name": "-primes", "content": "Specify the number of primes to use while generating the RSA key. The num parameter must\nbe a positive integer that is greater than 1 and less than 16. If num is greater than 2,\nthen the generated key is called a 'multi-prime' RSA key, which is defined in RFC 8017.\n" }, { "name": "-verbose", "content": "Print extra details about the operations being performed.\n" }, { "name": "-traditional", "content": "Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.\n" }, { "name": "-rand -writerand", "content": "See \"Random State Options\" in openssl(1) for details.\n" }, { "name": "-engine", "content": "See \"Engine Options\" in openssl(1). This option is deprecated.\n" }, { "name": "-provider", "content": "" }, { "name": "-provider-path", "content": "" }, { "name": "-propquery", "content": "See \"Provider Options\" in openssl(1), provider(7), and property(7).\n" }, { "name": "numbits", "content": "The size of the private key to generate in bits. This must be the last option specified.\nThe default is 2048 and values less than 512 are not allowed.\n" } ] }, "NOTES": { "content": "RSA private key generation essentially involves the generation of two or more prime numbers.\nWhen generating a private key various symbols will be output to indicate the progress of the\ngeneration. A . represents each number which has passed an initial sieve test, + means a\nnumber has passed a single round of the Miller-Rabin primality test, * means the current\nprime starts a regenerating progress due to some failed tests. A newline means that the\nnumber has passed all the prime tests (the actual number depends on the key size).\n\nBecause key generation is a random process the time taken to generate a key may vary\nsomewhat. But in general, more primes lead to less generation time of a key.\n", "subsections": [] }, "SEE ALSO": { "content": "openssl(1), openssl-genpkey(1), openssl-gendsa(1)\n", "subsections": [] }, "HISTORY": { "content": "This command was deprecated in OpenSSL 3.0.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-06-02 OPENSSL-GENRSA(1SSL)", "subsections": [] } }, "summary": "openssl-genrsa - generate an RSA private key", "flags": [ { "flag": "", "long": null, "arg": null, "description": "Print out a usage message." }, { "flag": "", "long": null, "arg": null, "description": "Output the key to the specified file. If this argument is not specified then standard output is used." }, { "flag": "", "long": null, "arg": null, "description": "The output file password source. For more information about the format see openssl-passphrase-options(1)." }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "These options encrypt the private key with specified cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the -passout argument." }, { "flag": "-3", "long": null, "arg": null, "description": "The public exponent to use, either 65537 or 3. The default is 65537. The -3 option has been deprecated." }, { "flag": "", "long": null, "arg": null, "description": "Specify the number of primes to use while generating the RSA key. The num parameter must be a positive integer that is greater than 1 and less than 16. If num is greater than 2, then the generated key is called a 'multi-prime' RSA key, which is defined in RFC 8017." }, { "flag": "", "long": null, "arg": null, "description": "Print extra details about the operations being performed." }, { "flag": "", "long": null, "arg": null, "description": "Write the key using the traditional PKCS#1 format instead of the PKCS#8 format." }, { "flag": "", "long": null, "arg": null, "description": "See \"Random State Options\" in openssl(1) for details." }, { "flag": "", "long": null, "arg": null, "description": "See \"Engine Options\" in openssl(1). This option is deprecated." }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "See \"Provider Options\" in openssl(1), provider(7), and property(7)." } ], "examples": [], "see_also": [ { "name": "openssl", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/openssl/1/json" }, { "name": "openssl-genpkey", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/openssl-genpkey/1/json" }, { "name": "openssl-gendsa", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/openssl-gendsa/1/json" } ] }