{ "content": [ { "type": "text", "text": "# OPENSSL-GENRSA (man)\n\n## NAME\n\nopenssl-genrsa - generate an RSA private key\n\n## SYNOPSIS\n\nopenssl genrsa [-help] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256]\n[-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3]\n[-idea] [-F4] [-f4] [-3] [-primes num] [-verbose] [-traditional] [-rand files] [-writerand\nfile] [-engine id] [-provider name] [-provider-path path] [-propquery propq] [numbits]\n\n## DESCRIPTION\n\nThis command has been deprecated. The openssl-genpkey(1) command should be used instead.\n\n## TLDR\n\n> Generate RSA private keys.\n\n- Generate an RSA private key of 2048 bits to `stdout`:\n `openssl genrsa`\n- Save an RSA private key of an arbitrary number of bits to the output file:\n `openssl genrsa -out {{output_file.key}} {{1234}}`\n- Generate an RSA private key and encrypt it with AES256 (you will be prompted for a passphrase):\n `openssl genrsa {{aes256}}`\n\n*Source: tldr-pages*\n\n## Sections\n\n- **NAME**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **OPTIONS** (15 subsections)\n- **NOTES**\n- **SEE ALSO**\n- **HISTORY**\n- **COPYRIGHT**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "OPENSSL-GENRSA", "section": "", "mode": "man", "summary": "openssl-genrsa - generate an RSA private key", "synopsis": "openssl genrsa [-help] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256]\n[-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3]\n[-idea] [-F4] [-f4] [-3] [-primes num] [-verbose] [-traditional] [-rand files] [-writerand\nfile] [-engine id] [-provider name] [-provider-path path] [-propquery propq] [numbits]", "tldr_summary": "Generate RSA private keys.", "tldr_examples": [ { "description": "Generate an RSA private key of 2048 bits to `stdout`", "command": "openssl genrsa" }, { "description": "Save an RSA private key of an arbitrary number of bits to the output file", "command": "openssl genrsa -out {{output_file.key}} {{1234}}" }, { "description": "Generate an RSA private key and encrypt it with AES256 (you will be prompted for a passphrase)", "command": "openssl genrsa {{aes256}}" } ], "tldr_source": "official", "flags": [ { "flag": "", "long": null, "arg": null, "description": "Print out a usage message." }, { "flag": "", "long": null, "arg": null, "description": "Output the key to the specified file. If this argument is not specified then standard output is used." }, { "flag": "", "long": null, "arg": null, "description": "The output file password source. For more information about the format see openssl-passphrase-options(1)." }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "These options encrypt the private key with specified cipher before outputting it. If none of these options is specified no encryption is used. If encryption is used a pass phrase is prompted for if it is not supplied via the -passout argument." }, { "flag": "-3", "long": null, "arg": null, "description": "The public exponent to use, either 65537 or 3. The default is 65537. The -3 option has been deprecated." }, { "flag": "", "long": null, "arg": null, "description": "Specify the number of primes to use while generating the RSA key. The num parameter must be a positive integer that is greater than 1 and less than 16. If num is greater than 2, then the generated key is called a 'multi-prime' RSA key, which is defined in RFC 8017." }, { "flag": "", "long": null, "arg": null, "description": "Print extra details about the operations being performed." }, { "flag": "", "long": null, "arg": null, "description": "Write the key using the traditional PKCS#1 format instead of the PKCS#8 format." }, { "flag": "", "long": null, "arg": null, "description": "See \"Random State Options\" in openssl(1) for details." }, { "flag": "", "long": null, "arg": null, "description": "See \"Engine Options\" in openssl(1). This option is deprecated." }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "" }, { "flag": "", "long": null, "arg": null, "description": "See \"Provider Options\" in openssl(1), provider(7), and property(7)." } ], "examples": [], "see_also": [ { "name": "openssl", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/openssl/1/json" }, { "name": "openssl-genpkey", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/openssl-genpkey/1/json" }, { "name": "openssl-gendsa", "section": "1", "url": "https://www.chedong.com/phpMan.php/man/openssl-gendsa/1/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 5, "subsections": [] }, { "name": "DESCRIPTION", "lines": 4, "subsections": [] }, { "name": "OPTIONS", "lines": 1, "subsections": [ { "name": "-help", "lines": 2 }, { "name": "-out", "lines": 3 }, { "name": "-passout", "lines": 3 }, { "name": "-aes128 -aes192 -aes256 -aria128 -aria192 -aria256 -camellia128 -camellia192", "lines": 1 }, { "name": "-camellia256 -des -des3 -idea", "lines": 4 }, { "name": "-F4 -f4 -3", "lines": 3, "flag": "-3" }, { "name": "-primes", "lines": 4 }, { "name": "-verbose", "lines": 2 }, { "name": "-traditional", "lines": 2 }, { "name": "-rand -writerand", "lines": 2 }, { "name": "-engine", "lines": 2 }, { "name": "-provider", "lines": 1 }, { "name": "-provider-path", "lines": 1 }, { "name": "-propquery", "lines": 2 }, { "name": "numbits", "lines": 3 } ] }, { "name": "NOTES", "lines": 10, "subsections": [] }, { "name": "SEE ALSO", "lines": 2, "subsections": [] }, { "name": "HISTORY", "lines": 2, "subsections": [] }, { "name": "COPYRIGHT", "lines": 9, "subsections": [] } ], "sections": { "NAME": { "content": "openssl-genrsa - generate an RSA private key\n", "subsections": [] }, "SYNOPSIS": { "content": "openssl genrsa [-help] [-out filename] [-passout arg] [-aes128] [-aes192] [-aes256]\n[-aria128] [-aria192] [-aria256] [-camellia128] [-camellia192] [-camellia256] [-des] [-des3]\n[-idea] [-F4] [-f4] [-3] [-primes num] [-verbose] [-traditional] [-rand files] [-writerand\nfile] [-engine id] [-provider name] [-provider-path path] [-propquery propq] [numbits]\n", "subsections": [] }, "DESCRIPTION": { "content": "This command has been deprecated. The openssl-genpkey(1) command should be used instead.\n\nThis command generates an RSA private key.\n", "subsections": [] }, "OPTIONS": { "content": "", "subsections": [ { "name": "-help", "content": "Print out a usage message.\n" }, { "name": "-out", "content": "Output the key to the specified file. If this argument is not specified then standard\noutput is used.\n" }, { "name": "-passout", "content": "The output file password source. For more information about the format see\nopenssl-passphrase-options(1).\n" }, { "name": "-aes128 -aes192 -aes256 -aria128 -aria192 -aria256 -camellia128 -camellia192", "content": "" }, { "name": "-camellia256 -des -des3 -idea", "content": "These options encrypt the private key with specified cipher before outputting it. If none\nof these options is specified no encryption is used. If encryption is used a pass phrase\nis prompted for if it is not supplied via the -passout argument.\n" }, { "name": "-F4 -f4 -3", "content": "The public exponent to use, either 65537 or 3. The default is 65537. The -3 option has\nbeen deprecated.\n", "flag": "-3" }, { "name": "-primes", "content": "Specify the number of primes to use while generating the RSA key. The num parameter must\nbe a positive integer that is greater than 1 and less than 16. If num is greater than 2,\nthen the generated key is called a 'multi-prime' RSA key, which is defined in RFC 8017.\n" }, { "name": "-verbose", "content": "Print extra details about the operations being performed.\n" }, { "name": "-traditional", "content": "Write the key using the traditional PKCS#1 format instead of the PKCS#8 format.\n" }, { "name": "-rand -writerand", "content": "See \"Random State Options\" in openssl(1) for details.\n" }, { "name": "-engine", "content": "See \"Engine Options\" in openssl(1). This option is deprecated.\n" }, { "name": "-provider", "content": "" }, { "name": "-provider-path", "content": "" }, { "name": "-propquery", "content": "See \"Provider Options\" in openssl(1), provider(7), and property(7).\n" }, { "name": "numbits", "content": "The size of the private key to generate in bits. This must be the last option specified.\nThe default is 2048 and values less than 512 are not allowed.\n" } ] }, "NOTES": { "content": "RSA private key generation essentially involves the generation of two or more prime numbers.\nWhen generating a private key various symbols will be output to indicate the progress of the\ngeneration. A . represents each number which has passed an initial sieve test, + means a\nnumber has passed a single round of the Miller-Rabin primality test, * means the current\nprime starts a regenerating progress due to some failed tests. A newline means that the\nnumber has passed all the prime tests (the actual number depends on the key size).\n\nBecause key generation is a random process the time taken to generate a key may vary\nsomewhat. But in general, more primes lead to less generation time of a key.\n", "subsections": [] }, "SEE ALSO": { "content": "openssl(1), openssl-genpkey(1), openssl-gendsa(1)\n", "subsections": [] }, "HISTORY": { "content": "This command was deprecated in OpenSSL 3.0.\n", "subsections": [] }, "COPYRIGHT": { "content": "Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-06-02 OPENSSL-GENRSA(1SSL)", "subsections": [] } } } }