Generate Private and Public key OpenSSL
As I can see from the output, you choose wrong algorithm.
Shouldn't you pass -aes128
instead of -aes-128-cbc
?
From manual I assume that -aes-128-cbc
is a proper parameter for openssl enc
, but I don't know if it should work for genrsa
.
'genrsa' generates just an RSA key.
'req' then uses that key to make a x509 style request.
If you just need a rsa key pair - use genrsa.
If you need a keypair and a signed x509 request you use 'genrsa' and then 'req'.
Optionally 'req' can also generate that key for you (i.e. it encapsulates the 'genrsa' command (and the gendh).
So:
openssl genrsa -aes128 -out privkey.pem 2048
openssl req -new -x509 -key privkey.pem
is almost equivalent to
openssl req -new -x509 -keyout privkey.pem -newkey rsa:2048
except that unlike 'genrsa', 'req' does not allow you to specify aes128 as the encryption.
So in a lot of enterprise settings one does it in two steps as to get sufficient control over the key encryption applied.