


GENRSA(1)		     OpenSSL			GENRSA(1)


NAME
       genrsa - generate an RSA private key

SYNOPSIS
       openssl genrsa [-out filename] [-passout arg] [-des]
       [-des3] [-idea] [-f4] [-3] [-rand file(s)] [numbits]

DESCRIPTION
       The genrsa command generates an RSA private key.

OPTIONS
       -out filename
	   the output filename. If this argument is not specified
	   then standard output is used.

       -passout arg
	   the output file password source. For more information
	   about the format of arg see the PASS PHRASE ARGUMENTS
	   section in openssl(1).

       -des|-des3|-idea
	   These options encrypt the private key with the DES,
	   triple DES, or the IDEA ciphers respectively before
	   outputting it. If none of these options is specified
	   no encryption is used. If encryption is used a pass
	   phrase is prompted for if it is not supplied via the
	   -passout argument.

       -F4|-3
	   the public exponent to use, either 65537 or 3. The
	   default is 65537.

       -rand file(s)
	   a file or files containing random data used to seed
	   the random number generator, or an EGD socket (see
	   RAND_egd(3)).  Multiple files can be specified
	   separated by a OS-dependent character.  The separator
	   is ; for MS-Windows, , for OpenVSM, and : for all
	   others.

       numbits
	   the size of the private key to generate in bits. This
	   must be the last option specified. The default is 512.

NOTES
       RSA private key generation essentially involves the
       generation of two prime numbers. When generating a private
       key various symbols will be output to indicate the
       progress of the generation. A . represents each number
       which has passed an initial sieve test, + means a number
       has passed a single round of the Miller-Rabin primality
       test. A newline means that the number has passed all the
       prime tests (the actual number depends on the key size).




19/Mar/2000		      0.9.5a				1





GENRSA(1)		     OpenSSL			GENRSA(1)


       Because key generation is a random process the time taken
       to generate a key may vary somewhat.

BUGS
       A quirk of the prime generation algorithm is that it
       cannot generate small primes. Therefore the number of bits
       should not be less that 64. For typical private keys this
       will not matter because for security reasons they will be
       much larger (typically 1024 bits).

SEE ALSO
       gendsa(1)













































19/Mar/2000		      0.9.5a				2


