41
votes

My question is how to create a public key and private key with OpenSSL on Windows, and how to put the created public key in a .crt file and the private one in a .pcks8 file, in order to use these two keys to sign a SAML assertion in Java?

Thanks in advance.

1
Your question is a bit unclear. A certificate (what you usually store in a .crt file) contains a public key, but a public key in itself is not a certificate. - Mathias R. Jessen
@MathiasR.Jessen I'm trying to create a credential in opensaml-j, and the latter requires a public key and private key in order to use this credential in a signature. - Karim
It looks like you have three questions. The first question: "How to generate RSA private key using OpenSSL?" The second question is at "Programmatically Create X509 Certificate using OpenSSL". The third question, save as PKCS#8, just uses i2d_RSAPrivateKey_bio. An example of writing in all the formats is also given at "How to generate RSA private key using OpenSSL?" - jww
You should ask a separate question for the SAML signature. You need to provide your data, and show your code. - jww
@jww I don't have three questions, I only have one; the rest you mentioned in your comment about certificates I know how to do. - Karim

1 Answer

88
votes

You can generate a public-private keypair with the genrsa context (the last number is the key length in bits):

openssl genrsa -out keypair.pem 2048

To extract the public part, use the rsa context:

openssl rsa -in keypair.pem -pubout -out publickey.crt

Finally, convert the original keypair to PKCS#8 format with the pkcs8 context:

openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in keypair.pem -out pkcs8.key
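
The following is an added example, not part of the answer above: it runs the answer's three commands in a scratch directory and checks what each output file contains, including the point from the first comment that a bare public key is not a certificate. It assumes a POSIX shell with openssl on the PATH; the helper names (make_keys, pem_label, keys_match, is_certificate) are made up for this sketch.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, file names are the answer's.

# Run the answer's three commands inside directory $1.
make_keys() {
    (
        umask 077   # -nocrypt writes the private key unencrypted; keep it owner-only
        cd "$1" || exit 1
        openssl genrsa -out keypair.pem 2048 2>/dev/null &&
        openssl rsa -in keypair.pem -pubout -out publickey.crt 2>/dev/null &&
        openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt \
            -in keypair.pem -out pkcs8.key
    )
}

# Print the PEM label from the first line of file $1 (e.g. "PRIVATE KEY").
pem_label() {
    sed -n '1s/^-----BEGIN \(.*\)-----$/\1/p' "$1"
}

# Succeed if the public key derived from pkcs8.key equals publickey.crt.
keys_match() {
    derived=$(openssl pkey -in "$1/pkcs8.key" -pubout 2>/dev/null)
    stored=$(cat "$1/publickey.crt")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Succeed only if file $1 parses as an X.509 certificate.
is_certificate() {
    openssl x509 -in "$1" -noout >/dev/null 2>&1
}

# Demo run in a throwaway directory.
work=$(mktemp -d) || exit 1
make_keys "$work" || exit 1
echo "pkcs8.key label:     $(pem_label "$work/pkcs8.key")"
echo "publickey.crt label: $(pem_label "$work/publickey.crt")"
if keys_match "$work"; then echo "public key matches private key"; fi
if is_certificate "$work/publickey.crt"; then
    echo "publickey.crt is an X.509 certificate"
else
    echo "publickey.crt is a bare public key, not an X.509 certificate"
fi
rm -rf "$work"
```

The label of keypair.pem is not checked because it depends on the OpenSSL version that wrote it.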