RSA Keygen and Management

celestialchips

Ryan Glass

Posted on December 22, 2023

RSA Keygen and Management

So you're trying to learn how to generate and manage your RSA keys. It's pretty simple. The command below is how you would generally create an RSA key.

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Skip add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub
Enter fullscreen mode Exit fullscreen mode

But, if you would like to learn more about the commands continue reading!

First, up we use ssh-keygen which is the script that is used to generate keys.

ssh-keygen
Enter fullscreen mode Exit fullscreen mode

Then we add some flags each flag does it's own thing.

-t rsa Specifies the type of key to create. In this case, rsa indicates an RSA key.

-b 4096 Sets the number of bits in the key, in this case, we're setting 4096 bits. A higher bit count increases security but requires more computational power.

-m PEM Specifies the key format. PEM (Privacy Enhanced Mail) is a base64-encoded DER certificate used for different types of cryptographic keys.

-f jwtRS256.key This flag sets the filename for the private key. Here, the key is saved as jwtRS256.key.

That gives us the full command and breakdown of each parts.

ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
Enter fullscreen mode Exit fullscreen mode

To recap the command above generates a new RSA private key in PEM format with a length of 4096 bits and saves it as jwtRS256.key.

Executing the ssh-keygen command

After executing the ssh-keygen command the console will ask you for a passphrase. You can either leave it blank or enter a passphrase. Adding a passphrase is usually used as additional security.

openssl
Enter fullscreen mode Exit fullscreen mode

rsa specifies the RSA algorithm.

-in jwtRS256.key Indicates the input file, which is the private key file generated by ssh-keygen.

-pubout This flag tells OpenSSL to extract the public key from the input file.

-outform PEM Specifies the format for the output file, which is PEM.

-out jwtRS256.key.pub Sets the filename for the public key. In this case, the public key is saved as jwtRS256.key.pub.
This command uses the private key (jwtRS256.key) to generate a public key and saves it as jwtRS256.key.pub.

That gives us our full command with explanations of each flag!

openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
Enter fullscreen mode Exit fullscreen mode

Finally we execute two commands to display our keys

cat is a standard Unix utility that reads files sequentially, writing them to standard output.

cat jwtRS256.key
cat jwtRS256.key.pub
Enter fullscreen mode Exit fullscreen mode

These commands are typically used in scenarios where RSA keys are needed, such as setting up JWT (JSON Web Tokens) authentication where RSA keys are used to sign and verify the tokens. The private key is used to sign the token, and the corresponding public key is used by the receiver to verify its authenticity.

Image description

That's it we've gone over how to create keys and each of the flags used to create these commands.

💖 💪 🙅 🚩
celestialchips
Ryan Glass

Posted on December 22, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

RSA Keygen and Management
security RSA Keygen and Management

December 22, 2023