Keys for JWT

Generate RSA Key Pairs with OpenSSL for signing JWT

Emmanuel Gautier

OpenSSL is a powerful tool for generating RSA key pairs for various cryptographic purposes, including signing JSON Web Tokens (JWT).

Below are the steps to generate RSA key pairs using OpenSSL, along with some commonly used options and commands.

Generate a Private Key

openssl genrsa -out private_key.pem 2048
  • -out private_key.pem: Specifies the output file path for the private key.
  • 2048 (bits): The private key length. Use a minimum of 2048 bits when signing with RS256 (RSA with SHA-256). If you can, prefer a longer key length. The longer the key is, the more robust the signature is.

Generate a Public Key from the Private Key

openssl rsa -pubout -in private_key.pem -out public_key.pem
  • -pubout: Instructs OpenSSL to generate the public key.
  • -in private_key.pem: Specifies the input private key file.
  • -out public_key.pem: Specifies the output file for the public key.

View Key Details (Optional)

You can view the details of the generated private and public keys using the following OpenSSL commands:

openssl rsa -text -in private_key.pem
openssl rsa -pubin -text -in public_key.pem

These commands display detailed information about the keys, including modulus, public exponent, and more.

Remember to keep your private key secure and do not share it publicly. The public key can be freely shared and used for verifying signatures.
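The key pair put to use, as an added example that is not part of the original article: the private key signs an RS256 JWT and the public key verifies it, using only `openssl` and POSIX shell. The function names (`b64url`, `jwt_sign`, `jwt_verify`, `demo`) and the claims are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): RS256 JWT signing and
# verification with the PEM files produced by the commands above.

# base64url without padding, the encoding JWT uses for all three parts
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# jwt_sign PRIVATE_KEY CLAIMS_JSON  -> prints header.payload.signature
jwt_sign() {
  header=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url)
  payload=$(printf '%s' "$2" | b64url)
  sig=$(printf '%s' "$header.$payload" | openssl dgst -sha256 -sign "$1" | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# jwt_verify PUBLIC_KEY TOKEN  -> exit status 0 only for a valid signature.
# The algorithm is fixed to RS256 here instead of being read from the header.
jwt_verify() {
  signed=${2%.*}   # header.payload, the bytes that were signed
  sig=${2##*.}     # base64url signature
  # restore the padding that base64url strips before decoding
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  tmp=$(mktemp) || return 1
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp"
  if printf '%s' "$signed" |
     openssl dgst -sha256 -verify "$1" -signature "$tmp" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$tmp"
  return "$rc"
}

# Demo in a scratch directory; the claims are constructed sample values.
demo() {
  d=$(mktemp -d) || return 1
  openssl genrsa -out "$d/private_key.pem" 2048 2>/dev/null
  openssl rsa -pubout -in "$d/private_key.pem" -out "$d/public_key.pem" 2>/dev/null
  t=$(jwt_sign "$d/private_key.pem" '{"sub":"user-123","iat":1700000000}')
  echo "$t"
  jwt_verify "$d/public_key.pem" "$t" && echo "signature valid"
  rm -rf "$d"
}
demo
```

The verifier needs only `public_key.pem`; a token whose payload is changed after signing fails `jwt_verify`.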

Written by

Emmanuel Gautier

CerberAuth Founder and Core Contributor