Linux command

openssl-genrsa command

After copying, replace file names, directories, or parameters as needed.

Common examples

Generate 2048-bit RSA key

openssl genrsa -out [private.key] 2048

Generate 4096-bit key

openssl genrsa -out [private.key] 4096

Generate encrypted key with AES-256

openssl genrsa -aes256 -out [private.key] 4096

Generate key with a specific public exponent (-F4 selects 65537)

openssl genrsa -F4 -out [private.key] 2048

Generate key to stdout

openssl genrsa 2048

Description

openssl genrsa generates RSA private keys. The key can optionally be encrypted with a passphrase. Common key sizes are 2048 and 4096 bits. Output is in PEM format by default (PKCS#8 in OpenSSL 3.x, PKCS#1 in older versions). This command is considered a legacy convenience wrapper. The more general openssl genpkey -algorithm RSA is preferred in OpenSSL 3.x and supports additional options.

Parameters

-out _file_
Output file for private key. Writes to stdout if omitted.
-aes256, -aes192, -aes128, -des3, -des
Encrypt the output key with the specified cipher. Prompts for a passphrase.
-passout _arg_
Password source for encryption (e.g. pass:password, file:pathname, env:var, fd:number, stdin).
-F4
Use 65537 (0x10001) as the public exponent (default).
-3
Use 3 as the public exponent.
-traditional
Write the key in the traditional PKCS#1 format instead of PKCS#8.
-verbose
Print extra details during key generation.
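
The options above combined into one workflow, as an added example that is not part of the original page: the passphrase is supplied with `-passout file:` rather than `pass:` so it stays out of the process argument list, and the result is checked against both PEM layouts named in the description. The function names and the passphrase-file convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the
# passphrase-file convention are assumptions.

# gen_rsa_key KEYFILE PASSFILE [BITS]
# Writes an AES-256 encrypted RSA private key. The passphrase is the first
# line of PASSFILE, so it never appears on the command line.
gen_rsa_key() {
    key=$1 passfile=$2 bits=${3:-4096}
    if [ ! -s "$passfile" ]; then
        echo "passphrase file missing or empty" >&2; return 2
    fi
    if [ "$bits" -lt 2048 ]; then
        echo "refusing key size below 2048 bits" >&2; return 2
    fi
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2; return 3
    fi
    # The subshell keeps the restrictive umask local to this command, so the
    # key file is created without group/other access.
    ( umask 077
      openssl genrsa -aes256 -passout "file:$passfile" -out "$key" "$bits" )
}

# key_is_encrypted KEYFILE
# True for an encrypted key in either layout: PKCS#8 (OpenSSL 3.x default)
# or traditional PKCS#1 (older versions, or -traditional).
key_is_encrypted() {
    grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$1"
}

# rsa_key_bits KEYFILE PASSFILE
# Decrypts the key and prints its modulus size in bits; prints nothing when
# the passphrase is wrong or the file is not an RSA key.
rsa_key_bits() {
    openssl rsa -in "$1" -passin "file:$2" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Usage (paths are placeholders):
#   gen_rsa_key ./private.key ./passphrase.txt 4096
#   key_is_encrypted ./private.key && rsa_key_bits ./private.key ./passphrase.txt
```

Keep the passphrase file itself readable only by its owner, and store it separately from the key.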

FAQ


How do I run a basic openssl-genrsa example?

Run `openssl genrsa -out [private.key] 2048` in a terminal, then adjust the file name, path, and flags for your system.
