57

My questions are

  • How to create
    • a public key
    • and private key with OpenSSL in Windows?
  • How to put the created public key
    • in .crt file and
    • the private one in .pcks8 file

I want to use these two keys to sign a SAML assertion in Java.

Thanks in advance.

surfmuggle
Karim
  • 3
    Your question is a bit unclear. A certificate (what you usually store in a `.crt` file) contains a public key, but a public key in itself is not a certificate – Mathias R. Jessen Jun 10 '17 at 14:37
  • @MathiasR.Jessen I'm trying to create a credential in opensaml-j and this latter requires a public key and private key in order to use this credential in a signature – Karim Jun 10 '17 at 14:39
  • 4
    It looks like you have three questions. The first question: [How to generate RSA private key using OpenSSL?](https://stackoverflow.com/q/5927164/608639) The second question is at [Programmatically Create X509 Certificate using OpenSSL](https://stackoverflow.com/q/256405/608639). The third question, save as PKCS#8, just uses [`i2d_RSAPrivateKey_bio`](https://www.openssl.org/docs/manmaster/man3/i2d_RSAPrivateKey_bio.html). An example of writing in all the formats is also given at [How to generate RSA private key using OpenSSL?](https://stackoverflow.com/a/30493975/608639) – jww Jun 10 '17 at 15:51
  • You should ask a separate question for the SAML signature. You need to provide your data, and show your code. – jww Jun 10 '17 at 15:51
  • @jww I don't have three questions, I only have one; the rest you mentioned in your comment about certificates I know how to do – Karim Jun 10 '17 at 17:59
  • Does this answer your question? [How to generate RSA private key using OpenSSL?](https://stackoverflow.com/questions/5927164/how-to-generate-rsa-private-key-using-openssl) – user207421 Mar 05 '20 at 11:19

1 Answer

128

You can generate a public-private keypair with the genrsa context (the last number is the keylength in bits):

```
openssl genrsa -out keypair.pem 2048
```

To extract the public part, use the rsa context:

```
openssl rsa -in keypair.pem -pubout -out publickey.crt
```

Finally, convert the original keypair to PKCS#8 format with the pkcs8 context:

```
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in keypair.pem -out pkcs8.key
```
Mathias R. Jessen
  • 2
    `keypair.pem` is identical to `pkcs8.key`. No need for 3rd command. Just make sure you name your private key what you want in the first command, then run the second command to generate your public key. – ubiquibacon Dec 22 '22 at 02:00
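The script below is an added example, not part of the answer or its comments. It runs the answer's three commands in a scratch directory and then reports what each file actually holds, which shows on your own OpenSSL build whether `keypair.pem` and `pkcs8.key` share a format and whether `publickey.crt` is a bare public key or a certificate. The function names are hypothetical, and `umask 077` is an addition.

```shell
#!/bin/sh
# Added example (not from the answer): run the answer's three commands in a
# scratch directory, then check what each output file really contains.
# Function names are hypothetical; umask 077 is an addition because -nocrypt
# leaves the private key unencrypted on disk.

# Print the label of the first PEM block in a file.
#   "RSA PRIVATE KEY" = traditional PKCS#1, "PRIVATE KEY" = PKCS#8,
#   "PUBLIC KEY" = bare SubjectPublicKeyInfo, "CERTIFICATE" = X.509 certificate
pem_label() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1
}

# Succeed only if private key file $1 and public key file $2 hold the same key.
same_public_key() {
    a=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    b=$(openssl pkey -pubin -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# The three commands from the answer, unchanged apart from the umask.
make_keys() {
    (
        umask 077
        cd "$1" || exit 1
        openssl genrsa -out keypair.pem 2048 2>/dev/null &&
        openssl rsa -in keypair.pem -pubout -out publickey.crt 2>/dev/null &&
        openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt \
            -in keypair.pem -out pkcs8.key
    )
}

report() {
    for f in keypair.pem publickey.crt pkcs8.key; do
        printf '%-14s %s\n' "$f" "$(pem_label "$1/$f")"
    done
    if same_public_key "$1/pkcs8.key" "$1/publickey.crt"; then
        echo "publickey.crt matches pkcs8.key"
    else
        echo "publickey.crt does NOT match pkcs8.key"
    fi
}

work=$(mktemp -d) && make_keys "$work" && report "$work"
rm -rf "$work"
```

A Java loader that expects PKCS#8 needs the file labelled `PRIVATE KEY`; if `keypair.pem` already reports that label, the conversion step produced nothing new.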