genpkey.1s

openssl genpkey [options]

genpkey is the OpenSSL unified command for generating private keys. It supports RSA, EC (NIST curves), Ed25519, Ed448, X25519, and X448 algorithms through a consistent interface.The tool creates private keys for TLS certificates, code signing, and other cryptographic uses. It supersedes older algorithm-specific commands like genrsa and gendsa with a single, more flexible interface.genpkey is the recommended way to generate keys since OpenSSL 1.0.0. For RSA, the default key size is 2048 bits; 4096 bits is recommended for higher security.

-algorithm ALG

Key algorithm: RSA, EC, ED25519, ED448, X25519, X448.

Output file (default: stdout).

Algorithm-specific option (e.g., rsakeygenbits:4096, ecparamgencurve:P-256).

Encrypt output key with AES-256-CBC.

Passphrase source for encryption: pass:phrase, stdin, file:path, env:var.

Output format: PEM (default), DER.

Print key details in human-readable form in addition to encoded output.

Display help information.

Key security depends on parameters. Protect private keys. Algorithm support varies by OpenSSL version.

genpkey was added to OpenSSL as a unified key generation command, replacing algorithm-specific commands like genrsa and gendsa with a consistent interface.

openssl(1), openssl-genrsa(1), openssl-pkey(1), openssl-req(1)