Generating RSA Key Pairs with OpenSSL for signing JWT

OpenSSL is a powerful tool for generating RSA key pairs for various cryptographic purposes including signing JSON Web Tokens (JWT).

Below are the steps to generate RSA key pairs using OpenSSL, along with some commonly used options and commands.

  1. Generate a Private Key
openssl genrsa -out private_key.pem 2048
  • -out private_key.pem: Specifies the output file path for the private key.

  • 2048 (bits): The private key length. A minimum of 2048 bits is recommended when signing with RS256 (RSA with SHA-256). Prefer a longer key if you can: the longer the key, the harder it is to break.

  2. Generate a Public Key from the Private Key
openssl rsa -pubout -in private_key.pem -out public_key.pem
  • -pubout: Instructs OpenSSL to output the public key instead of the private key.

  • -in private_key.pem: Specifies the input private key file.

  • -out public_key.pem: Specifies the output file for the public key.

  3. View Key Details (Optional)

You can view the details of the generated private and public keys using the following commands:

View Private Key Details

openssl rsa -text -in private_key.pem

View Public Key Details

openssl rsa -pubin -text -in public_key.pem

These commands display detailed information about the keys, including the modulus and public exponent. For the private key, the output also includes the private exponent and the prime factors.

Remember to keep your private key secure and do not share it publicly. The public key can be freely shared and used for encryption or verifying signatures.
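
As an added example (not part of the original page), the script below uses the two key files from steps 1 and 2 to sign a JWT with RS256 and verify it with the public key, using only the openssl CLI. The function names, the claims and the temporary directory are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: RS256-sign and verify a JWT with the keys generated above.
# The claims and the temp directory are constructed for illustration.

HEADER='{"alg":"RS256","typ":"JWT"}'

# base64url without padding, as JWS requires (RFC 7515)
b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '='; }

# jwt_sign <private_key.pem> <claims-json>  -> prints the compact JWT
jwt_sign() {
  local input sig
  input="$(printf '%s' "$HEADER" | b64url).$(printf '%s' "$2" | b64url)"
  sig=$(printf '%s' "$input" | openssl dgst -sha256 -sign "$1" -binary | b64url)
  printf '%s.%s' "$input" "$sig"
}

# jwt_verify <public_key.pem> <jwt>  -> exit status 0 only if the signature is valid
jwt_verify() {
  local input="${2%.*}" sig="${2##*.}" tmp rc=0
  # Pin the algorithm: accept only the exact RS256 header, never what the token claims.
  [ "${2%%.*}" = "$(printf '%s' "$HEADER" | b64url)" ] || return 1
  # Restore the base64 padding that base64url strips.
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  tmp=$(mktemp)
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp"
  printf '%s' "$input" |
    openssl dgst -sha256 -verify "$1" -signature "$tmp" >/dev/null 2>&1 || rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Demo: the same two commands as steps 1 and 2, run in a throwaway directory.
workdir=$(mktemp -d)
openssl genrsa -out "$workdir/private_key.pem" 2048 2>/dev/null
openssl rsa -pubout -in "$workdir/private_key.pem" -out "$workdir/public_key.pem" 2>/dev/null

token=$(jwt_sign "$workdir/private_key.pem" '{"sub":"demo-user","iat":1700000000}')
echo "$token"
jwt_verify "$workdir/public_key.pem" "$token" && echo "signature valid"
```

The verifier checks only the signature and the pinned header; claim checks such as expiry are left to the application.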