Openssl Generate Key Pair Passphrase

Jul 21, 2011  To create a new Private Key without a passphrase. # openssl genrsa -out www.example.com.key 4096 To create a new password protected Private Key (Remember the passphrase) # openssl genrsa -des3 -out www.example.com.key.password 4096 To remove the passphrase from the password protected Private Key.

Common OpenSSL Commands with Keys and Certificates

Generate RSA private key with certificate in a single command

Generate

Generate Certificate Signing Request (CSR) from private key with passphrase

Generate RSA private key (2048 bit)

Generate a Certificate Signing Request (CSR)

Generate RSA private key (2048 bit) and a Certificate Signing Request (CSR) with a single command

Convert private key to PEM format

Generate a self-signed certificate that is valid for a year with sha256 hash

View details of a RSA private key

View details of a CSR

View details of a Certificate

View details of a Certificate in DER format

Convert a DER file (.crt .cer .der) to PEM

Convert a PEM file to DER

The PuTTYgen program is part of PuTTY, an open source networking client for the Windows platform.

Generate
To generate an SSH key pair on Windows using the PuTTYgen program:

Openssl Generate Public Private Key

  1. Download and install PuTTY or PuTTYgen.

    To download PuTTY or PuTTYgen, go to http://www.putty.org/ and click the You can download PuTTY here link.

  2. Run the PuTTYgen program.
  3. Set the Type of key to generate option to SSH-2 RSA.
  4. In the Number of bits in a generated key box, enter 2048.
  5. Click Generate to generate a public/private key pair.

    As the key is being generated, move the mouse around the blank area as directed.

  6. (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.

    Note:

    While a passphrase is not required, you should specify one as a security measure to protect the private key from unauthorized use. When you specify a passphrase, a user must enter the passphrase every time the private key is used.

  7. Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key).

    Note:

    The .ppk file extension indicates that the private key is in PuTTY's proprietary format. You must use a key of this format when using PuTTY as your SSH client. It cannot be used with other SSH client tools. Refer to the PuTTY documentation to convert a private key in this format to a different format.
  8. Select all of the characters in the Public key for pasting into OpenSSH authorized_keys file box.

    Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.

  9. Right-click somewhere in the selected text and select Copy from the menu.
  10. Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.
  11. Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.
  12. If you or others are going to use an SSH client that requires the OpenSSH format for private keys (such as the ssh utility on Linux), export the private key:
    1. On the Conversions menu, choose Export OpenSSH key.
    2. Save the private key in OpenSSH format in the same folder where you saved the private key in .ppk format, using an extension such as .openssh to indicate the file's content.