xref: /openssl/doc/man1/openssl-rsa.pod.in (revision da1c088f)
1=pod
2
3=begin comment
4{- join("\n", @autowarntext) -}
5
6=end comment
7
8=head1 NAME
9
10openssl-rsa - RSA key processing command
11
12=head1 SYNOPSIS
13
14B<openssl> B<rsa>
15[B<-help>]
16[B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
17[B<-outform> B<DER>|B<PEM>]
18[B<-in> I<filename>|I<uri>]
19[B<-passin> I<arg>]
20[B<-out> I<filename>]
21[B<-passout> I<arg>]
22[B<-aes128>]
23[B<-aes192>]
24[B<-aes256>]
25[B<-aria128>]
26[B<-aria192>]
27[B<-aria256>]
28[B<-camellia128>]
29[B<-camellia192>]
30[B<-camellia256>]
31[B<-des>]
32[B<-des3>]
33[B<-idea>]
34[B<-text>]
35[B<-noout>]
36[B<-modulus>]
37[B<-traditional>]
38[B<-check>]
39[B<-pubin>]
40[B<-pubout>]
41[B<-RSAPublicKey_in>]
42[B<-RSAPublicKey_out>]
43[B<-pvk-strong>]
44[B<-pvk-weak>]
45[B<-pvk-none>]
46{- $OpenSSL::safe::opt_engine_synopsis -}{- $OpenSSL::safe::opt_provider_synopsis -}
47
48=head1 DESCRIPTION
49
50This command processes RSA keys. They can be converted between
51various forms and their components printed out.
52
53=head1 OPTIONS
54
55=over 4
56
57=item B<-help>
58
59Print out a usage message.
60
61=item B<-inform> B<DER>|B<PEM>|B<P12>|B<ENGINE>
62
63The key input format; unspecified by default.
64See L<openssl-format-options(1)> for details.
65
66=item B<-outform> B<DER>|B<PEM>
67
68The key output format; the default is B<PEM>.
69See L<openssl-format-options(1)> for details.
70
71=item B<-traditional>
72
73When writing a private key, use the traditional PKCS#1 format
74instead of the PKCS#8 format.
75
76=item B<-in> I<filename>|I<uri>
77
78This specifies the input to read a key from or standard input if this
79option is not specified. If the key is encrypted a pass phrase will be
80prompted for.
81
82=item B<-passin> I<arg>, B<-passout> I<arg>
83
84The password source for the input and output file.
85For more information about the format of B<arg>
86see L<openssl-passphrase-options(1)>.
87
88=item B<-out> I<filename>
89
90This specifies the output filename to write a key to or standard output if this
91option is not specified. If any encryption options are set then a pass phrase
92will be prompted for. The output filename should B<not> be the same as the input
93filename.
94
95=item B<-aes128>, B<-aes192>, B<-aes256>, B<-aria128>, B<-aria192>, B<-aria256>, B<-camellia128>, B<-camellia192>, B<-camellia256>, B<-des>, B<-des3>, B<-idea>
96
97These options encrypt the private key with the specified
98cipher before outputting it. A pass phrase is prompted for.
99If none of these options is specified the key is written in plain text. This
100means that this command can be used to remove the pass phrase from a key
101by not giving any encryption option is given, or to add or change the pass
102phrase by setting them.
103These options can only be used with PEM format output files.
104
105=item B<-text>
106
107Prints out the various public or private key components in
108plain text in addition to the encoded version.
109
110=item B<-noout>
111
112This option prevents output of the encoded version of the key.
113
114=item B<-modulus>
115
116This option prints out the value of the modulus of the key.
117
118=item B<-check>
119
120This option checks the consistency of an RSA private key.
121
122=item B<-pubin>
123
124By default a private key is read from the input.
125With this option a public key is read instead.
126If the input contains no public key but a private key, its public part is used.
127
128=item B<-pubout>
129
130By default a private key is output: with this option a public
131key will be output instead. This option is automatically set if
132the input is a public key.
133
134=item B<-RSAPublicKey_in>, B<-RSAPublicKey_out>
135
136Like B<-pubin> and B<-pubout> except B<RSAPublicKey> format is used instead.
137
138=item B<-pvk-strong>
139
140Enable 'Strong' PVK encoding level (default).
141
142=item B<-pvk-weak>
143
144Enable 'Weak' PVK encoding level.
145
146=item B<-pvk-none>
147
148Don't enforce PVK encoding.
149
150{- $OpenSSL::safe::opt_engine_item -}
151
152{- $OpenSSL::safe::opt_provider_item -}
153
154=back
155
156=head1 NOTES
157
158The L<openssl-pkey(1)> command is capable of performing all the operations
159this command can, as well as supporting other public key types.
160
161=head1 EXAMPLES
162
163The documentation for the L<openssl-pkey(1)> command contains examples
164equivalent to the ones listed here.
165
166To remove the pass phrase on an RSA private key:
167
168 openssl rsa -in key.pem -out keyout.pem
169
170To encrypt a private key using triple DES:
171
172 openssl rsa -in key.pem -des3 -out keyout.pem
173
174To convert a private key from PEM to DER format:
175
176 openssl rsa -in key.pem -outform DER -out keyout.der
177
178To print out the components of a private key to standard output:
179
180 openssl rsa -in key.pem -text -noout
181
182To just output the public part of a private key:
183
184 openssl rsa -in key.pem -pubout -out pubkey.pem
185
186Output the public part of a private key in B<RSAPublicKey> format:
187
188 openssl rsa -in key.pem -RSAPublicKey_out -out pubkey.pem
189
190=head1 BUGS
191
192There should be an option that automatically handles F<.key> files,
193without having to manually edit them.
194
195=head1 SEE ALSO
196
197L<openssl(1)>,
198L<openssl-pkey(1)>,
199L<openssl-pkcs8(1)>,
200L<openssl-dsa(1)>,
201L<openssl-genrsa(1)>,
202L<openssl-gendsa(1)>
203
204=head1 HISTORY
205
206The B<-engine> option was deprecated in OpenSSL 3.0.
207
208=head1 COPYRIGHT
209
210Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
211
212Licensed under the Apache License 2.0 (the "License").  You may not use
213this file except in compliance with the License.  You can obtain a copy
214in the file LICENSE in the source distribution or at
215L<https://www.openssl.org/source/license.html>.
216
217=cut
218