Generate public key and private key with OpenSSL in Windows 10

How to Retrieve the Public Key from RSA Private Key ?

This tutorial guides you on how to retrieve the public key from RSA private key or key pair pem file. To know how to generate RSA private key you can also follow this tutorial guide on OpenSSL.

Retrieve the Public Key from RSA Private Key

Once you install OpenSSL in your Windows machine, then you need to run the following openssl command to generate RSA key pair. Running this command will produce public-private key pair, 2048 bit long RSA private key and store the generated pair in key.pem file as shown below.

>openssl genrsa -out key.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
.....................................+++++
.....................................+++++
e is 65537 (0x010001)

The following command will help you in extracting the public key “public.pem” from the key.pem file. This is how you need to retrieve the public key from RSA Private key.

>openssl rsa -in key.pem -outform PEM -pubout -out public.pem
writing RSA key

Note, If you wanted to read .pem file to get the private and public key via Java program then following this tutorial. Using this guide you will be able to read .pem file to get public and private key and use them in your API requests in your project work flows.

Verify key pair and retrieved public key

You need to run the following command to see all parts of key.pem file. You would see content that got printed in the screen that includes the modulus, public exponent, private exponent, primes, exponents etc., which were used to perform RSA operations to generate RSA key pair as shown below.

>openssl rsa -text -in key.pem
RSA Private-Key: (1024 bit, 2 primes)
modulus:
    00:c1:de:8c:c4:a8:b8:da:b8:a6:40:7d:58:51:5c:
    36:91:57:08:82:6c:40:59:bf:3c:c6:87:4f:46:1d:
    --
    --
publicExponent: 65537 (0x10001)
privateExponent:
    37:24:a7:23:94:de:27:90:57:f1:85:f5:a6:06:b5:
    9a:b7:87:bb:19:31:60:95:ad:a2:c6:7f:fc:f0:83:
    --
    --
prime1:
    00:df:93:12:f0:a7:00:25:8d:30:e5:f6:1e:f3:e9:
    9e:4f:09:3d:33:0c:db:69:ee:ee:71:3c:02:5b:c2:
    -- 
    --
prime2:
    00:dd:fc:93:4c:80:62:75:fe:96:46:98:98:e0:14:
    13:79:99:7e:93:96:18:e4:b2:26:68:04:a9:a8:84:
    --
    --
exponent1:
    00:a5:3e:f8:55:c4:a9:38:18:16:57:31:c5:88:f4:
    58:1d:04:b0:26:26:4f:9a:09:8e:55:45:4c:5c:f4:
    -- 
    --
exponent2:
    00:da:cf:37:06:26:5a:67:42:4e:30:42:04:16:83:
    d3:7a:7d:f1:45:5a:a3:28:f1:ed:67:84:89:13:02:
    -- 
    --
coefficient:
    00:d2:a3:39:36:7e:7c:04:9b:ed:ab:e6:79:3a:b1:
    0d:cb:d4:c9:56:61:41:5f:3b:16:cb:db:45:06:ee:
    -- 
    --
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDB3ozEqLjauKZAfVhRXDaRVwiCbEBZvzzGh09GHVzSdPlN1VhO
OUP537Q7/PAiiLmmudGRh8gcSKt5HvthYPweLutyKB+LcPnFYT9sDCJiLfq/unUc
x1WwkW28oTxs6SAjbv05LzuAvmopr9a86xvZWpLdd/8izJ/h72JNUpHCcwIDAQAB
AoGANySnI5TeJ5BX8YX1pga1mreHuxkxYJWtosZ//PCDI3WUJ9hkKrPNKvi/WkTC
xP/g1pSKEHvvpmPhKi1u0S715t0zgBgQiATVKXYxQMGrZeUdmNo0T8CtlpFXeB88
z/N/58a6Ikh2O9EulpKpr/DILdI6bLIVmkse4EYPoxdgb2kCQQDfkxLwpwAljTDl
9h7z6Z5PCT0zDNtp7u5xPAJbwuaW0Y7T6W7e2QmccGDOKiRecKrl8xGfaBV9IwD1
m+Dl/17/AkEA3fyTTIBidf6WRpiY4BQTeZl+k5YY5LImaASpqITrrobzjFfE8yun
Bz7TH39StbqtjOownPFbKun/RZxiW4WQjQJBAKU++FXEqTgYFlcxxYj0WB0EsCYm
T5oJjlVFTFz0Piik9NMuCtNNSWxGJ1baEQ14augQ8yqF7LQUBiaCswRr7pMCQQDa
zzcGJlpnQk4wQgQWg9N6ffFFWqMo8e1nhIkTAgop2v2/7VfF9dZLDwMdvevyE5M0
HjdSy5j4oPQtUmulGO+VAkEA0qM5Nn58BJvtq+Z5OrENy9TJVmFBXzsWy9tFBu76
kZs3TbiI5LOfFtUS+Omf/gxn9jP2TJhujce1raaZjiqi3Q==
-----END RSA PRIVATE KEY-----

The following command with option “-RSAPublicKey_out” is used to ouput a public key from RSA key pair.

>openssl rsa -text -in key.pem -RSAPublicKey_out
RSA Private-Key: (1024 bit, 2 primes)
modulus:
    00:c1:de:8c:c4:a8:b8:da:b8:a6:40:7d:58:51:5c:
    36:91:57:08:82:6c:40:59:bf:3c:c6:87:4f:46:1d:
    -- 
    --
publicExponent: 65537 (0x10001)
privateExponent:
    37:24:a7:23:94:de:27:90:57:f1:85:f5:a6:06:b5:
    9a:b7:87:bb:19:31:60:95:ad:a2:c6:7f:fc:f0:83:
    --
    --
prime1:
    00:df:93:12:f0:a7:00:25:8d:30:e5:f6:1e:f3:e9:
    9e:4f:09:3d:33:0c:db:69:ee:ee:71:3c:02:5b:c2:
    --
    --
prime2:
    00:dd:fc:93:4c:80:62:75:fe:96:46:98:98:e0:14:
    13:79:99:7e:93:96:18:e4:b2:26:68:04:a9:a8:84:
    --
    --
exponent1:
    00:a5:3e:f8:55:c4:a9:38:18:16:57:31:c5:88:f4:
    58:1d:04:b0:26:26:4f:9a:09:8e:55:45:4c:5c:f4:
    --
    --
exponent2:
    00:da:cf:37:06:26:5a:67:42:4e:30:42:04:16:83:
    d3:7a:7d:f1:45:5a:a3:28:f1:ed:67:84:89:13:02:
    --
    --
coefficient:
    00:d2:a3:39:36:7e:7c:04:9b:ed:ab:e6:79:3a:b1:
    0d:cb:d4:c9:56:61:41:5f:3b:16:cb:db:45:06:ee:
    --
    --
writing RSA key
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMHejMSouNq4pkB9WFFcNpFXCIJsQFm/PMaHT0YdXNJ0+U3VWE45Q/nf
tDv88CKIuaa50ZGHyBxIq3ke+2Fg/B4u63IoH4tw+cVhP2wMImIt+r+6dRzHVbCR
bbyhPGzpICNu/TkvO4C+aimv1rzrG9lakt13/yLMn+HvYk1SkcJzAgMBAAE=
-----END RSA PUBLIC KEY-----

When you run the following openssl help command it would list other valid options that you can use with openssl rsa command.

>openssl rsa -text -help
Usage: rsa [options]
Valid options are:
 -help              Display this summary
 -inform format     Input format, one of DER PEM
 -outform format    Output format, one of DER PEM PVK
 -in val            Input file
 -out outfile       Output file
 -pubin             Expect a public key in input file
 -pubout            Output a public key
 -passout val       Output file pass phrase source
 -passin val        Input file pass phrase source
 -RSAPublicKey_in   Input is an RSAPublicKey
 -RSAPublicKey_out  Output is an RSAPublicKey
 -noout             Don't print key out
 -text              Print the key in text
 -modulus           Print the RSA key modulus
 -check             Verify key consistency
 -*                 Any supported cipher
 -pvk-strong        Enable 'Strong' PVK encoding level (default)
 -pvk-weak          Enable 'Weak' PVK encoding level
 -pvk-none          Don't enforce PVK encoding
 -engine val        Use engine, possibly a hardware device

Also See:

References:

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments