44

My question is how to create a public key and a private key with OpenSSL on Windows, and how to put the created public key in a .crt file and the private one in a .pkcs8 file, in order to use these two keys to sign a SAML assertion in Java?

Thanks in advance.

Pedro Massango
Karim
  • 3
    Your question is a bit unclear. A certificate (what you usually store in a `.crt` file) contains a public key, but a public key in itself is not a certificate – Mathias R. Jessen Jun 10 '17 at 14:37
  • @MathiasR.Jessen I'm trying to create a credential in opensaml-j, and the latter requires a public key and a private key in order to use this credential in a signature – Karim Jun 10 '17 at 14:39
  • 3
    It looks like you have three questions. The first question: [How to generate RSA private key using OpenSSL?](https://stackoverflow.com/q/5927164/608639) The second question is at [Programmatically Create X509 Certificate using OpenSSL](https://stackoverflow.com/q/256405/608639). The third question, save as PKCS#8, just uses [`i2d_RSAPrivateKey_bio`](https://www.openssl.org/docs/manmaster/man3/i2d_RSAPrivateKey_bio.html). An example of writing in all the formats is also given at [How to generate RSA private key using OpenSSL?](https://stackoverflow.com/a/30493975/608639) – jww Jun 10 '17 at 15:51
  • You should ask a separate question for the SAML signature. You need to provide your data, and show your code. – jww Jun 10 '17 at 15:51
  • @jww I don't have three questions, I only have one; the rest you mentioned in your comment about certificates I know how to do – Karim Jun 10 '17 at 17:59
  • Does this answer your question? [How to generate RSA private key using OpenSSL?](https://stackoverflow.com/questions/5927164/how-to-generate-rsa-private-key-using-openssl) – user207421 Mar 05 '20 at 11:19

1 Answer

95

You can generate a public-private keypair with the `genrsa` context (the last number is the key length in bits):

```
openssl genrsa -out keypair.pem 2048
```

To extract the public part, use the `rsa` context:

```
openssl rsa -in keypair.pem -pubout -out publickey.crt
```

Finally, convert the original keypair to PKCS#8 format with the `pkcs8` context:

```
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in keypair.pem -out pkcs8.key
```
Mathias R. Jessen
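
The first comment points out that a `.crt` file normally holds a certificate rather than a bare public key. As an added example (not part of the original answer), this script wraps the same key pair in a self-signed X.509 certificate, writes the PKCS#8 key in both PEM and DER, and checks that the certificate really belongs to the private key. The file names `signing.crt` and `pkcs8.der`, the subject `saml-signing.example.test` and the 365-day validity are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example; file names, subject CN and validity period are constructed placeholders.
set -eu

# make_saml_signing_material DIR
# Writes keypair.pem, signing.crt, pkcs8.key (PEM) and pkcs8.der (DER) into DIR.
# Runs in a subshell so the restrictive umask does not leak into the caller.
make_saml_signing_material() (
    umask 077   # -nocrypt leaves the key unencrypted on disk, so keep it owner-only
    dir=$1
    # 1. RSA key pair, exactly as in the answer.
    openssl genrsa -out "$dir/keypair.pem" 2048
    # 2. Self-signed X.509 certificate that carries the public key.
    openssl req -new -x509 -key "$dir/keypair.pem" -sha256 -days 365 \
        -subj "/CN=saml-signing.example.test" -out "$dir/signing.crt"
    # 3. PKCS#8 private key: PEM as in the answer, plus DER, which is the
    #    encoding Java's PKCS8EncodedKeySpec expects.
    openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt \
        -in "$dir/keypair.pem" -out "$dir/pkcs8.key"
    openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
        -in "$dir/keypair.pem" -out "$dir/pkcs8.der"
)

# key_matches_cert KEY CERT
# Succeeds only when the public key inside CERT is the one derived from KEY.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout)
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey)
    [ "$key_pub" = "$cert_pub" ]
}

# Demo run in a throwaway directory.
out=$(mktemp -d)
trap 'rm -rf "$out"' EXIT
make_saml_signing_material "$out"
if key_matches_cert "$out/pkcs8.key" "$out/signing.crt"; then
    echo "signing.crt matches pkcs8.key"
fi
```

Running `key_matches_cert` before loading the files into a signing credential catches a certificate and key that were generated separately and do not belong together.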