How to generate RSA key pair on Linux

RSA ([RFC 3447](https://tools.ietf.org/html/rfc3447)) is one of the first practical public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private). In RSA, this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the “factoring problem”. The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1978. Clifford Cocks, an English mathematician working for the British intelligence agency Government Communications Headquarters (GCHQ), had developed an equivalent system in 1973, but this was not declassified until 1997.
Source: Wikipedia

Nowadays, RSA is widely used to secure systems. One example is an authentication microservice based on JSON Web Tokens. I'm writing another tutorial about Auth Service / JWT, but first I'll guide you through generating an RSA key pair. You can also use this key pair with other services that require RSA authentication, e.g. GitHub, Bitbucket, 9Cloud,…

Generate RSA key pair:

Let’s use ssh-keygen as below:

The command above generates two files: example_key_file (the private key) and example_key_file.pub (the public key).
The command's options in detail:

  • -b : key size in bits; the default is 2048, and more bits means more security
  • -t : key type (algorithm): rsa / dsa / ecdsa / ed25519
  • -f : filename of private key

Convert ssh public key .pub into PEM format

.pub is the public key format used by SSH (OpenSSH). We need to convert the public key into PEM format so that it can be used elsewhere.

  • -f : input file
  • -e : export the key in another format
  • -m : name of the output format

Now you have a second public key file, in PEM format.
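The two steps above as one script, added here as an example and not taken from the original post: it generates the pair with -t, -b and -f, exports the public key with -f, -e and -m, then re-imports the PEM to confirm it still matches the .pub file. The function names, the 4096-bit default, the .pub.pem output name and the empty passphrase (-N '') are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the original post's commands. Function names, the
# 4096-bit default and the output file names are assumptions.

# Step 1: generate an RSA key pair.
# Writes <prefix> (private key) and <prefix>.pub (public key).
gen_rsa_pair() {
    prefix=$1
    bits=${2:-4096}
    # -N '' gives an empty passphrase so the demo runs unattended;
    # use a real passphrase for keys that leave this machine.
    ssh-keygen -q -t rsa -b "$bits" -N '' -f "$prefix" || return 1
    # ssh-keygen already creates the private key as 0600; make it explicit.
    chmod 600 "$prefix"
}

# Step 2: export the OpenSSH public key (<prefix>.pub) as PEM.
pub_to_pem() {
    ssh-keygen -f "$1.pub" -e -m PEM > "$1.pub.pem"
}

# Check: import the PEM back into OpenSSH format and compare the key type
# and base64 body with the original .pub (the trailing comment is ignored).
pem_matches_pub() {
    from_pem=$(ssh-keygen -i -m PEM -f "$1.pub.pem" | cut -d' ' -f1,2) || return 1
    from_pub=$(cut -d' ' -f1,2 "$1.pub")
    [ -n "$from_pem" ] && [ "$from_pem" = "$from_pub" ]
}

# Run all steps when called with a file prefix, e.g.:
#   sh rsa_pair.sh ./example_key_file
if [ "$#" -gt 0 ]; then
    gen_rsa_pair "$1" "${2:-4096}" &&
        pub_to_pem "$1" &&
        pem_matches_pub "$1" &&
        echo "PEM public key written to $1.pub.pem and verified"
fi
```

Only the two public files (.pub and .pub.pem) are meant to be shared; the private key file stays on the machine that generated it.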



Another way to create key pairs

RSA key pair:

ECDSA key pair:


-name specifies the curve used for the key: prime256v1 is the 256-bit curve and secp521r1 is the 521-bit curve.

To see the full list of curves: openssl ecparam -list_curves


Hoàng Tựa

Loves web programming and creating beautiful things.
