← 返回命令列表

Linux command

genpkey.1s 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Generate RSA key

openssl genpkey -algorithm RSA -out [key.pem]

Generate with size

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:[4096] -out [key.pem]

Generate EC key

openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:[P-256] -out [key.pem]

Generate Ed25519 key

openssl genpkey -algorithm ED25519 -out [key.pem]

Generate RSA key encrypted with a passphrase

openssl genpkey -algorithm RSA -aes256 -out [key.pem]

Generate key with passphrase from stdin

openssl genpkey -algorithm RSA -aes256 -pass stdin -out [key.pem]

说明

genpkey is the OpenSSL unified command for generating private keys. It supports RSA, EC (NIST curves), Ed25519, Ed448, X25519, and X448 algorithms through a consistent interface. The tool creates private keys for TLS certificates, code signing, and other cryptographic uses. It supersedes older algorithm-specific commands like genrsa and gendsa with a single, more flexible interface. genpkey is the recommended way to generate keys since OpenSSL 1.0.0. For RSA, the default key size is 2048 bits; 4096 bits is recommended for higher security.

参数

-algorithm _ALG_
Key algorithm: RSA, EC, ED25519, ED448, X25519, X448.
-out _FILE_
Output file (default: stdout).
-pkeyopt _OPT:VALUE_
Algorithm-specific option (e.g., rsa_keygen_bits:4096, ec_paramgen_curve:P-256).
-aes256
Encrypt output key with AES-256-CBC.
-pass _ARG_
Passphrase source for encryption: pass:phrase, stdin, file:path, env:var.
-outform _FORMAT_
Output format: PEM (default), DER.
-text
Print key details in human-readable form in addition to encoded output.
-help
Display help information.

FAQ

What is the genpkey.1s command used for?

genpkey is the OpenSSL unified command for generating private keys. It supports RSA, EC (NIST curves), Ed25519, Ed448, X25519, and X448 algorithms through a consistent interface. The tool creates private keys for TLS certificates, code signing, and other cryptographic uses. It supersedes older algorithm-specific commands like genrsa and gendsa with a single, more flexible interface. genpkey is the recommended way to generate keys since OpenSSL 1.0.0. For RSA, the default key size is 2048 bits; 4096 bits is recommended for higher security.

How do I run a basic genpkey.1s example?

Run `openssl genpkey -algorithm RSA -out [key.pem]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -algorithm _ALG_ do in genpkey.1s?

Key algorithm: RSA, EC, ED25519, ED448, X25519, X448.