How to generate RSA and EC keys with OpenSSL - JohnHau/mis GitHub Wiki

ow to generate keys in PEM format using the OpenSSL command line tools?

RSA keys The JOSE standard recommends a minimum RSA key size of 2048 bits.

To generate a 2048-bit RSA private + public key pair for use in RSxxx and PSxxx signatures:

openssl genrsa 2048 -out rsa-2048bit-key-pair.pem Elliptic Curve keys To generate an EC key pair the curve designation must be specified. Note that JOSE ESxxx signatures require P-256, P-384 and P-521 curves (see their corresponding OpenSSL identifiers below).

Elliptic Curve private + public key pair for use with ES256 signatures:

openssl ecparam -genkey -name prime256v1 -noout -out ec256-key-pair.pem Elliptic Curve private + public key pair for use with ES384 signatures:

openssl ecparam -genkey -name secp384r1 -noout -out ec384-key-pair.pem Elliptic Curve private + public key pair for use with ES512 signatures:

openssl ecparam -genkey -name secp521r1 -noout -out ec512-key-pair.pem