RSA Keygen and Management
Ryan Glass
Posted on December 22, 2023
So you're trying to learn how to generate and manage your RSA keys. It's pretty simple. The commands below are how you would generally create an RSA key pair.
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Press Enter at the passphrase prompt to skip adding a passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub
But if you would like to learn more about the commands, continue reading!
First up, we use ssh-keygen, the OpenSSH utility that is used to generate keys.
ssh-keygen
Then we add some flags; each flag does its own thing.
-t rsa
Specifies the type of key to create. In this case, rsa indicates an RSA key.
-b 4096
Sets the number of bits in the key. In this case, we're setting 4096 bits. A higher bit count increases security but requires more computational power.
-m PEM
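Specifies the key format. PEM (Privacy Enhanced Mail) is a base64 text encoding of DER data, wrapped in BEGIN and END lines, used for different types of cryptographic keys and certificates. Without this flag, recent versions of ssh-keygen write the private key in OpenSSH's own format instead.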
-f jwtRS256.key
This flag sets the filename for the private key. Here, the key is saved as jwtRS256.key.
That gives us the full command and a breakdown of each part.
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
To recap, the command above generates a new RSA private key in PEM format with a length of 4096 bits and saves it as jwtRS256.key.
Executing the ssh-keygen command
After executing the ssh-keygen command, the console will ask you for a passphrase. You can either leave it blank or enter a passphrase. A passphrase encrypts the private key file and is usually added as additional security.
openssl
rsa
Selects OpenSSL's rsa subcommand, which processes RSA keys.
-in jwtRS256.key
Indicates the input file, which is the private key file generated by ssh-keygen.
-pubout
This flag tells OpenSSL to extract the public key from the input file.
-outform PEM
Specifies the format for the output file, which is PEM.
-out jwtRS256.key.pub
Sets the filename for the public key. In this case, the public key is saved as jwtRS256.key.pub.
This command uses the private key (jwtRS256.key) to generate a public key and saves it as jwtRS256.key.pub.
That gives us our full command with explanations of each flag!
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
Finally, we execute two commands to display our keys.
cat
is a standard Unix utility that reads files sequentially, writing them to standard output.
cat jwtRS256.key
cat jwtRS256.key.pub
These commands are typically used in scenarios where RSA keys are needed, such as setting up JWT (JSON Web Tokens) authentication where RSA keys are used to sign and verify the tokens. The private key is used to sign the token, and the corresponding public key is used by the receiver to verify its authenticity.
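The sign-with-private, verify-with-public relationship described above can be checked on the generated files before they are handed to a JWT library. The script below is an added example, not part of the original post: the function names and the directory and bit-size parameters are hypothetical, and the signing input is a constructed sample.

```bash
# Added example (not from the original post). Function names and the
# directory/bit-size parameters are hypothetical.

# make_jwt_keypair DIR [BITS]: the post's two commands, run non-interactively.
make_jwt_keypair() {
    kp_dir=$1
    kp_bits=${2:-4096}
    (
        umask 077                       # new directory and key are owner-only
        mkdir -p "$kp_dir" || exit 1
        # -N "" supplies an empty passphrase so no prompt appears; -q is quiet.
        ssh-keygen -q -t rsa -b "$kp_bits" -m PEM -N "" -f "$kp_dir/jwtRS256.key"
    ) || return 1
    # ssh-keygen has already written jwtRS256.key.pub in OpenSSH one-line
    # format; this overwrites it with the PEM public key.
    openssl rsa -in "$kp_dir/jwtRS256.key" -pubout -outform PEM \
        -out "$kp_dir/jwtRS256.key.pub" 2>/dev/null
}

# check_jwt_keypair DIR: returns 0 only if the public key verifies a
# SHA-256 RSA signature (what RS256 uses) made with the private key.
check_jwt_keypair() {
    ck_dir=$1
    ck_tmp=$(mktemp -d) || return 1
    # Constructed signing input: base64url(header) "." base64url(payload)
    printf '%s' 'eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0' \
        > "$ck_tmp/input"
    ck_rc=1
    if openssl dgst -sha256 -sign "$ck_dir/jwtRS256.key" \
           -out "$ck_tmp/sig" "$ck_tmp/input" 2>/dev/null &&
       openssl dgst -sha256 -verify "$ck_dir/jwtRS256.key.pub" \
           -signature "$ck_tmp/sig" "$ck_tmp/input" >/dev/null 2>&1
    then
        ck_rc=0
    fi
    rm -rf "$ck_tmp"
    return "$ck_rc"
}

# Usage: make_jwt_keypair ./keys && check_jwt_keypair ./keys
```

A failing check usually means the .pub file is stale or belongs to a different private key.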
That's it! We've gone over how to create keys and each of the flags used in these commands.