Generating a Public/Private Key Pair
You need to programmatically create a public/private key pair using the RSA algorithm with a minimum key strength of 2048 bits. The method you use to generate this key pair may differ depending on platform and programming language.
Generating a public/private key pair by using OpenSSL library
The steps below are an example of the process for generating a public/private key pair for key exchange, using OpenSSL. To execute the following commands, you will need an OpenSSL runtime installed (which you can download and install from the OpenSSL website, or install one from your operating system’s package management system).
- Generate an RSA key pair with a 2048 bit private key, by executing the following command:
"openssl genrsa - out private_key.pem 2048"
The following sample shows the command:$ openssl genrsa - out private_key.pem 2048 Generating RSA private key, 2048 bit long modulus ...............+++ ....................................................................... ....................................................+++ e is 65537 (0x10001) - Extract the public key from the RSA key pair, by executing the following command:
"openssl rsa -pubout -in private_key.pem -out public_key.pem"
The following sample shows the command:$ openssl rsa -pubout -in private_key.pem -out public_key.pem writing RSA keyA new file, public_key.pem , is created with the public key.
- Follow the instructions in the next (Validating your private key) section to confirm that your key meets the required criteria.
Validating your private key
When a private key has been generated, you can use the following OpenSSL command to verify that the private key fits the required criteria.
- Execute the following command:
"openssl rsa -in private_key_sample.pem -text" - Verify that the first line of the output includes the private key strength:
Private Key: (2048 bit)
If the first line of output states “ unable to load Private Key ,” your private key is not a valid RSA private key.