Generate Private and Public key OpenSSL

As I can see from the output, you choose wrong algorithm. Shouldn't you pass -aes128 instead of -aes-128-cbc?

From manual I assume that -aes-128-cbc is a proper parameter for openssl enc, but I don't know if it should work for genrsa.


'genrsa' generates just an RSA key.

'req' then uses that key to make a x509 style request.

If you just need a rsa key pair - use genrsa.

If you need a keypair and a signed x509 request you use 'genrsa' and then 'req'.

Optionally 'req' can also generate that key for you (i.e. it encapsulates the 'genrsa' command (and the gendh).

So:

 openssl genrsa -aes128 -out privkey.pem 2048
 openssl req -new -x509 -key privkey.pem 

is almost equivalent to

 openssl req -new -x509 -keyout privkey.pem  -newkey rsa:2048

except that unlike 'genrsa', 'req' does not allow you to specify aes128 as the encryption.

So in a lot of enterprise settings one does it in two steps as to get sufficient control over the key encryption applied.