1OPENSSL-RSA(1ossl)                  OpenSSL                 OPENSSL-RSA(1ossl)
2
3
4

NAME

6       openssl-rsa - RSA key processing command
7

SYNOPSIS

9       openssl rsa [-help] [-inform DER|PEM|P12|ENGINE] [-outform DER|PEM]
10       [-in filename|uri] [-passin arg] [-out filename] [-passout arg]
11       [-aes128] [-aes192] [-aes256] [-aria128] [-aria192] [-aria256]
12       [-camellia128] [-camellia192] [-camellia256] [-des] [-des3] [-idea]
13       [-text] [-noout] [-modulus] [-traditional] [-check] [-pubin] [-pubout]
14       [-RSAPublicKey_in] [-RSAPublicKey_out] [-pvk-strong] [-pvk-weak]
15       [-pvk-none] [-engine id] [-provider name] [-provider-path path]
16       [-propquery propq]
17

DESCRIPTION

19       This command processes RSA keys. They can be converted between various
20       forms and their components printed out.
21

OPTIONS

23       -help
24           Print out a usage message.
25
26       -inform DER|PEM|P12|ENGINE
27           The key input format; unspecified by default.  See
28           openssl-format-options(1) for details.
29
30       -outform DER|PEM
31           The key output format; the default is PEM.  See
32           openssl-format-options(1) for details.
33
34       -traditional
35           When writing a private key, use the traditional PKCS#1 format
36           instead of the PKCS#8 format.
37
38       -in filename|uri
39           This specifies the input to read a key from or standard input if
40           this option is not specified. If the key is encrypted a pass phrase
41           will be prompted for.
42
43       -passin arg, -passout arg
44           The password source for the input and output file.  For more
45           information about the format of arg see
46           openssl-passphrase-options(1).
47
48       -out filename
49           This specifies the output filename to write a key to or standard
50           output if this option is not specified. If any encryption options
51           are set then a pass phrase will be prompted for. The output
52           filename should not be the same as the input filename.
53
54       -aes128, -aes192, -aes256, -aria128, -aria192, -aria256, -camellia128,
55       -camellia192, -camellia256, -des, -des3, -idea
56           These options encrypt the private key with the specified cipher
57           before outputting it. A pass phrase is prompted for.  If none of
58           these options is specified the key is written in plain text. This
59           means that this command can be used to remove the pass phrase from
60           a key by not giving any encryption option is given, or to add or
61           change the pass phrase by setting them.  These options can only be
62           used with PEM format output files.
63
64       -text
65           Prints out the various public or private key components in plain
66           text in addition to the encoded version.
67
68       -noout
69           This option prevents output of the encoded version of the key.
70
71       -modulus
72           This option prints out the value of the modulus of the key.
73
74       -check
75           This option checks the consistency of an RSA private key.
76
77       -pubin
78           By default a private key is read from the input file: with this
79           option a public key is read instead.
80
81       -pubout
82           By default a private key is output: with this option a public key
83           will be output instead. This option is automatically set if the
84           input is a public key.
85
86       -RSAPublicKey_in, -RSAPublicKey_out
87           Like -pubin and -pubout except RSAPublicKey format is used instead.
88
89       -pvk-strong
90           Enable 'Strong' PVK encoding level (default).
91
92       -pvk-weak
93           Enable 'Weak' PVK encoding level.
94
95       -pvk-none
96           Don't enforce PVK encoding.
97
98       -engine id
99           See "Engine Options" in openssl(1).  This option is deprecated.
100
101       -provider name
102       -provider-path path
103       -propquery propq
104           See "Provider Options" in openssl(1), provider(7), and property(7).
105

NOTES

107       The openssl-pkey(1) command is capable of performing all the operations
108       this command can, as well as supporting other public key types.
109

EXAMPLES

111       The documentation for the openssl-pkey(1) command contains examples
112       equivalent to the ones listed here.
113
114       To remove the pass phrase on an RSA private key:
115
116        openssl rsa -in key.pem -out keyout.pem
117
118       To encrypt a private key using triple DES:
119
120        openssl rsa -in key.pem -des3 -out keyout.pem
121
122       To convert a private key from PEM to DER format:
123
124        openssl rsa -in key.pem -outform DER -out keyout.der
125
126       To print out the components of a private key to standard output:
127
128        openssl rsa -in key.pem -text -noout
129
130       To just output the public part of a private key:
131
132        openssl rsa -in key.pem -pubout -out pubkey.pem
133
134       Output the public part of a private key in RSAPublicKey format:
135
136        openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
137

BUGS

139       There should be an option that automatically handles .key files,
140       without having to manually edit them.
141

SEE ALSO

143       openssl(1), openssl-pkey(1), openssl-pkcs8(1), openssl-dsa(1),
144       openssl-genrsa(1), openssl-gendsa(1)
145

HISTORY

147       The -engine option was deprecated in OpenSSL 3.0.
148

150       Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
151
152       Licensed under the Apache License 2.0 (the "License").  You may not use
153       this file except in compliance with the License.  You can obtain a copy
154       in the file LICENSE in the source distribution or at
155       <https://www.openssl.org/source/license.html>.
156
157
158
1593.1.1                             2023-08-31                OPENSSL-RSA(1ossl)
Impressum