# man > RSA(7ssl)

---
type: CommandReference
command: EVP_PKEY-RSA
mode: man
section: 7
source: man-pages
---

## Quick Reference
- Generate RSA key with default parameters: `pkey = EVP_RSA_gen(4096);`
- Create keygen context: `EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);`
- Perform key generation: `EVP_PKEY_keygen_init(pctx);` then `EVP_PKEY_generate(pctx, &pkey);`
- Set generation parameters (e.g., primes, bits) via `OSSL_PARAM` array and `EVP_PKEY_CTX_set_params()`
- Retrieve modulus: use `OSSL_PARAM_construct_BN` with string `"n"` (or `OSSL_PKEY_PARAM_RSA_N`)
- Print private key: `EVP_PKEY_print_private(bio_out, pkey, 0, NULL);`

## Name
EVP_PKEY RSA keytype and algorithm support

## Synopsis
The RSA keytype is used with `EVP_PKEY` functions, identified by the name `"RSA"`. It supports key generation, parameter manipulation, and key printing. The key consists of modulus `n`, public exponent `e`, private exponent `d`, and CRT components (prime factors, exponents, coefficients).

## Options

### Common RSA parameters
- `"n"` (`OSSL_PKEY_PARAM_RSA_N`) `<unsigned integer>` — RSA modulus.
- `"e"` (`OSSL_PKEY_PARAM_RSA_E`) `<unsigned integer>` — Public exponent.
- `"d"` (`OSSL_PKEY_PARAM_RSA_D`) `<unsigned integer>` — Private exponent.
- `"rsa-factor1"`..`"rsa-factor10"` (`OSSL_PKEY_PARAM_RSA_FACTOR1`..`OSSL_PKEY_PARAM_RSA_FACTOR10`) `<unsigned integer>` — Prime factors (p, q, and up to 8 additional r_i per RFC8017).
- `"rsa-exponent1"`..`"rsa-exponent10"` (`OSSL_PKEY_PARAM_RSA_EXPONENT1`..`OSSL_PKEY_PARAM_RSA_EXPONENT10`) `<unsigned integer>` — CRT exponents (dP, dQ, and up to 8 additional d_i).
- `"rsa-coefficient1"`..`"rsa-coefficient9"` (`OSSL_PKEY_PARAM_RSA_COEFFICIENT1`..`OSSL_PKEY_PARAM_RSA_COEFFICIENT9`) `<unsigned integer>` — CRT coefficients (qInv and up to 8 additional t_i).

### RSA key generation parameters
- `"bits"` (`OSSL_PKEY_PARAM_RSA_BITS`) `<unsigned integer>` — Cryptographic length in bits.
- `"primes"` (`OSSL_PKEY_PARAM_RSA_PRIMES`) `<unsigned integer>` — Number of primes (default 2, max 10; subject to key length and provider support).
- `"e"` (`OSSL_PKEY_PARAM_RSA_E`) `<unsigned integer>` — Public exponent (default 65537; odd >= 65537, legacy 3 deprecated).

### FIPS module testing parameters (generation)
*For algorithm testing only; not for production use.*
- `"xp"` (`OSSL_PKEY_PARAM_RSA_TEST_XP`), `"xq"` (`OSSL_PKEY_PARAM_RSA_TEST_XQ`) — Random values used to generate p and q.
- `"xp1"`, `"xp2"`, `"xq1"`, `"xq2"` (`OSSL_PKEY_PARAM_RSA_TEST_XP1`, etc.) — Used to derive auxiliary probable primes.

### FIPS module testing parameters (retrieval)
*Only accessible when the above generation test parameters are set.*
- `"p1"`, `"p2"`, `"q1"`, `"q2"` (`OSSL_PKEY_PARAM_RSA_TEST_P1`, etc.) — The auxiliary probable primes.

### Conformance
- FIPS 186-4 Section B.3.6 (Generation of Probable Primes with Conditions Based on Auxiliary Probable Primes)
- RFC 8017, excluding RSA-PSS and RSA-OAEP

## Examples
c
EVP_PKEY_CTX *pctx =
    EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
Generate a simple key:
c
pkey = EVP_RSA_gen(4096);
Full key generation sequence:
c
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
    EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);

EVP_PKEY_keygen_init(pctx);
EVP_PKEY_generate(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
Key generation with custom `primes` and `bits`:
c
unsigned int primes = 3;
unsigned int bits = 4096;
OSSL_PARAM params[3];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);

EVP_PKEY_keygen_init(pctx);

params[0] = OSSL_PARAM_construct_uint("bits", &bits);
params[1] = OSSL_PARAM_construct_uint("primes", &primes);
params[2] = OSSL_PARAM_construct_end();
EVP_PKEY_CTX_set_params(pctx, params);

EVP_PKEY_generate(pctx, &pkey);
EVP_PKEY_print_private(bio_out, pkey, 0, NULL);
EVP_PKEY_CTX_free(pctx);
## See Also
- [EVP_RSA_gen(3)](http://localhost/phpMan.php/man/EVPRSAgen/3/markdown)
- [EVP_KEYMGMT(3)](http://localhost/phpMan.php/man/KEYMGMT/3/markdown)
- [EVP_PKEY(3)](http://localhost/phpMan.php/man/PKEY/3/markdown)
- [provider-keymgmt(7)](http://localhost/phpMan.php/man/provider-keymgmt/7/markdown)