Menu
Generate a 2048 bit RSA Key You can generate a public and private RSA key pair like this: openssl genrsa -des3 -out private.pem 2048 That generates a 2048-bit RSA key pair, encrypts them with a password you provide and writes them to a file. Is the only reason for using RSA is because of its asymmetric geometry (private/public key)? I know that this question is not easy to answer but I will give one example: If I want send secure and encrypted plaintext of - for example - two full A4 pages of text, is it better to use AES-256 or RSA-2048? This command will make a 2048-bit key, run the interactive prompt to populate the fields of the certificate signing request, and leave the private key unencrypted (-nodes). You can remove -nodes if you wish, but encrypting the private key will require you to type the password every time you start an application (like apache) that uses it. A 2048-bit RSA libary that is actually easy to implement - jackkolb/TinyRSA. This document describes how I generate 2048-bit RSA keys. Here is the log to generate signature key and encryption subkey. I invoke GnuPG with -gen-key option. A 1024-bit key is a 1024-bit key, and there is no 2048-bit (or 512-bit or any other size) version of it. If you want to use a longer key, you need to generate a longer key and use that instead of the shorter key.
OpenSSL Generate 4096-bit Certificate (Public/Private Key Encryption) with SHA256 Fingerprint
gencert.sh
# Generate Private Key and Certificate using RSA 256 encryption (4096-bit key) |
openssl req -x509 -newkey rsa:4096 -keyout privatekey.pem -out certificate.pem -days 365 |
# Alternatively, setting the '-newkey' parameter to 'rsa:2048' will generate a 2048-bit key. |
# Generate PKCS#12 (P12) file for cert; combines both key and certificate together |
openssl pkcs12 -export -inkey privatekey.pem -in certificate.pem -out cert.pfx |
# Generate SHA256 Fingerprint for Certificate and export to a file |
openssl x509 -noout -fingerprint -sha256 -inform pem -in certificate.pem >> fingerprint.txt |
# Generate SHA1 Fingerprint for Certificate and export to a file |
#openssl x509 -noout -fingerprint -sha1 -inform pem -in certificate.pem >> fingerprint.txt |
# FYI, it's best practice to use SHA256 instead of SHA1 for better security, but this shows how to do it if you REALLY need to. |
commented Nov 7, 2019
Here's a couple useful links related to this: |
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
Generate A 2048-bit Rsa Private Key
![Can Can](/uploads/1/2/6/4/126415874/321540652.png)
An RSA libary that is actually easy to implement and use. After having greatdifficulty using OpenSSL... LibTomCrypt... various others... I decided to make myown instead, designed for simplicity and ease of use for the programmer. Thislibary does not include padding, ideal-prime-checking, or other advanced featuresfor commercial applications, but should work well for smaller projects with limitedaudiences.
Current Features
![Rsa Rsa](/uploads/1/2/6/4/126415874/698481316.png)
- Generate keys
- Generate a prime number
- Generate a large number
- Primality check (Miller-Rabin)
- Generate a prime number
- Encrypt a number (given public key and n)
- Decrypt a number (given private key and n)
Upcoming Features
- Store keys/outputs as std::string so the user doesn't need to dealwith GMP
- More header guards/standardized formatting
- More comments :-)
- Standalone compiling (without requiring GMP)
Requirements
TinyRSA uses the GNU Multiprecision (GMP) number library to store numbers --this will need to be installed on the system