In this lesson, we use openssl to generate RSA keys and understand what they contain.

Here, we show how to use openssl to generate RSA private key and public key.

The command is openssl genrsa and we have our option des,

which is using the 3des to encrypt,

to protect the private key using a pass phrase.

And then we have option up,

which specifies the file we are going to save.

The private key is private.pem and the last parameter, 2048,

indicates we are generating a key size that is 2,048 bits.

We are generating a 2048 bit private key.

The private key is encrypted using 3des with password phase.

Okay. And save it in the private.pem, in.pem file format.

The private key file contains actually multiple information data.

First is the P,

the private key exponent.

Next one is N, modules,

and then followed by p and q with other prime p times q is N. Then the other two numbers

we are going to talk about when we are using the formula

to openssl command to display that.

We can use the information in private key

to quickly extract out quickly the corresponding public key,

which is encoding the two E and N. Actually,

these E and N are all part of the information encoded in the private key.

No computation is needed.

Remember that. Maybe it will show up in the test.

The command is 'openssl rsa' minus the option 'in privatekey.pem'

and option 'outform' within the format 'PEM'

and the option pubout because we are going to generate the public key as the output.

Option out is specified,

we are going to save it as a public.pem.

The input file is private.pem and the key option is,

to be remembered carefully, is pubout. Okay.

Here we use the openssl to show what is inside the public key.

The openssl command is 'openssl

rsa' and option 'noout,' because we are going to bring it out on the screen.

And with option 'text' we are going to bring out as the ask key.

The in-coming format is pem format,

in-coming file is public.pem.

So we are using the option 'in'.

Okay. Ensure the public key file that contains two fields, two informations there.

The first one is the module N. It consists of 2048 bits, per displayed here.

The public key exponent showing in

the last line there is 65537.

Here let's show using the openssl to show what is inside the private key.

The command is 'openssl rsa' with the option minus 'text.'

We are going to bring out on the screen, therefore we use option 'noout'.

Then we redirect the input file coming in which is private,

and protect the private key.

So the file is saved as 'private_ unencrypted.pem'.

We saw there are eight different sections of data on display

here for the private key file.

The first one is module N.

The public key exponent E which is 65537.

The private exponent followed by prime P and prime 2Q,

and then the two exponents and the one coefficient.

Since N and E are already there,

there is no need for us to compute and generate public key from this file.

We showed it last time.

Here is Page 60

of Request For Comment 3447,

which is a 'public-key Crypto Standard, (PKCS) #1',

which is described in detail RSA Cryptography Specifications Version 2.1.

It details the structure in these page.

It details the structure of public key and private key and what they consist of.

Here exponent one is 'd mod (p-1),' while exponent two is d mod (q-1).

The coefficient, the last one,

is (inverse of q) mod p.