Is there an OpenSSL command (line utility) to generate any PKey (implemented in any provider, i.e., not only classic keys like RSA or EC) and store/persist/encode both private and public part into a file? For the private key, the command `genpkey` works perfectly. But how to do the same for the public part? I tried via `req -new` but this fails if the PKey doesn't represent a key of a signature algorithm (but a KEM). Also `pkey` doesn't work if the public key cannot be computed from the private key.
I do not think there is a command line tool capable of this. The `genpkey` command should be enhanced with `-pubout` option being added to output the public key.
I've created a RFE issue in #22132
The command for further processing of keys,

```
$ openssl pkey -in test/certs/key-pass-12345.pem -text
Enter pass phrase for test/certs/key-pass-12345.pem:
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/RCj1YL8EoDvQ
...
YqgLSMA70QAkZnqQT83Abp1C
-----END PRIVATE KEY-----
Private-Key: (2048 bit, 2 primes)
modulus:
    00:bf:44:28:f5:60:bf:04:a0:3b:d0:bb:50:25:dc:
...
$ openssl pkey -in test/certs/key-pass-12345.pem -pubout
Enter pass phrase for test/certs/key-pass-12345.pem:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0Qo9WC/BKA70LtQJdwV
GSXqr9dut3cQmiFzTb/SaWldjOT1sRNDFxSzdTJjU/8cIDEZvaTIwRxP/dtVQLjc
+4jzrUwz93NuZYlsEWUEUg4Lrnfs0Nz50yHk4rJhVxWjb8Ii/wRBViWHFExP7CwT
kXiTclC1bCqTuWkjxF3thTfTsttRyY7qNkz2JpNx0guD8v4otQoYjA5AEZvK4IXL
wOwxol5xBTMvIrvvff2kkh+c7OC2QVbUTow/oppjqIKCx2maNHCtLFTJELf3fwtR
JLJsy4fKGP0/6kpZc8Sp88WK4B4FauF9IV1CmoAJUC1vJxhagHIKfVtFjUWs8GPo
bQIDAQAB
-----END PUBLIC KEY-----
```
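The two-step approach from the reply above (`genpkey`, then `pkey -pubout`), as an added example that is not part of the original thread or of OpenSSL's own code. The function names and the choice of X25519 (a non-signature key type, so `req -new` does not apply) are assumptions, and it only covers key types whose public key can be computed from the private key, which is the limitation the question raises.

```shell
#!/bin/sh
# Added example: persist both halves of a key pair using the two
# commands discussed in this thread.

# gen_keypair ALG PRIV_OUT PUB_OUT
gen_keypair() {
    alg=$1 priv=$2 pub=$3
    (
        umask 077   # private key file must not be group/world readable
        openssl genpkey -algorithm "$alg" -out "$priv"
    ) || return 1
    # Fails for key types whose public part cannot be derived from the
    # private key; report that case distinctly instead of leaving no file.
    openssl pkey -in "$priv" -pubout -out "$pub" || {
        echo "public key for $alg cannot be derived with pkey" >&2
        return 2
    }
}

# pub_matches PRIV PUB: succeeds only if PUB is the public half of PRIV.
# Both sides are re-encoded by openssl so formatting differences in the
# stored files do not matter.
pub_matches() {
    from_priv=$(openssl pkey -in "$1" -pubout) || return 1
    from_pub=$(openssl pkey -pubin -in "$2" -pubout) || return 1
    [ "$from_priv" = "$from_pub" ]
}

# Usage (file names are placeholders):
#   gen_keypair X25519 priv.pem pub.pem && pub_matches priv.pem pub.pem
```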
@baentsch I pushed the updated version of #13942 - could you please tell me if it's enough on the API level?