OPENSSL-GENPKEY(1ssl) OpenSSL OPENSSL-GENPKEY(1ssl) openssl-genpkey - openssl genpkey [-help] [-out _] [-outpubkey _] [-outform DER|PEM] [-verbose] [-quiet] [-pass ] [-] [-paramfile ] [-algorithm ] [-pkeyopt :] [-genparam] [-text] [-rand ] [-writerand ] [-engine ] [-provider ] [-provider-path ] [-provparam [:]=] [-propquery _] [-config _] . -help . -out _ . . -outpubkey _ . . -outform DER|PEM -genparam PEM. openssl-format-options(1) . -genparam -outform. -verbose " " . -quiet " " . -pass . openssl-passphrase-options(1). - . EVP_get_cipherbyname(). -aes-128-cbc AES 128 CBC. -algorithm RSA DSA DH DHX. -pkeyopt. -paramfile -algorithm . . RSA RSA-PSS EC X25519 X448 ED25519 ED448 ML-DSA ML-KEM. ( -genparam) DH DSA EC. X9.42 DH DHX PKCS#3 DH. DH DHX. -pkeyopt : opt value. . " " " " . opt : openssl genpkey -algorithm XXX -help -genparam . -algorithm -paramfile -pkeyopt. -paramfile _ . . . -pkeyopt. -paramfile -algorithm . -text ( ) PEM DER. -rand -writerand " " openssl(1) . -engine " " openssl(1). . -provider -provider-path -provparam [:]= -propquery _ " " openssl(1) provider(7) property(7). -config _ " " openssl(1). . OpenSSL . X25519 X448 ED25519 ED448. RSA rsa_keygen_bits:_ . 2048. rsa_keygen_primes:__ . 2. rsa_keygen_pubexp: RSA. "0x". 65537. RSA-PSS : RSA-PSS. rsa_keygen_bits:_ rsa_keygen_primes:__ rsa_keygen_pubexp: RSA. rsa_pss_keygen_md: . rsa_pss_keygen_mgf1_md:digest digest MGF1 . rsa_pss_keygen_saltlen:len len (salt). EC EC . ec_paramgen_curve:curve EC . OpenSSL NIST "P-256". ec_param_enc:encoding . encoding named_curve explicit. named_curve. ML-DSA hexseed:seed seed () ML-DSA . 32 64 . . . EVP_PKEY-ML-DSA(7) . ML-KEM hexseed:seed seed () ML-KEM . 64 128 . . . EVP_PKEY-ML-KEM(7) . DH group:name paramfile . " DH" . . OpenSSL . DSA dsa_paramgen_bits:numbits . 2048. dsa_paramgen_q_bits:numbits qbits:numbits q. 160 224 256. 224. dsa_paramgen_md:digest digest:digest (digest) . sha1 sha224 sha256. q dsa_paramgen_q_bits. q sha1 q 160 sha224 224 sha256 256. properties:query query digest . type:type . 1 FIPS186-2 . 0 FIPS186-4. gindex:index g. 0..255 . . index g. g . -1. hexseed:seed seed . . . DH group type. group . group:name dh_param:name DH DH. . algorithm "DH" : "ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192" "modp_1536" "modp_2048" "modp_3072" "modp_4096" "modp_6144" "modp_8192". algorithm "DHX" RFC5114 : "dh_1024_160" "dh_2048_224" "dh_2048_256". dh_rfc5114:num RFC5114 . num 1 2 3 group "dh_1024_160" "dh_2048_224" "dh_2048_256". . pbits:numbits dh_paramgen_prime_len:numbits p. 2048. qbits:numbits dh_paramgen_subprime_len:numbits q. 224. dh_paramgen_type DHX. safeprime-generator:value dh_paramgen_generator:value g. 2. algorithm "DH" . type:string DH . : "generator" safeprime_generator. algorithm "DH". "fips186_4" FIPS186-4. algorithm "DHX". "fips186_2" FIPS186-4. algorithm "DHX". "group" pbits "ffdhe2048" "ffdhe3072" "ffdhe4096" "ffdhe6144" "ffdhe8192". algorithm "DH". "default" algorithm. OpenSSL . algorithm "DH" "generator". algorithm "DHX" "fips186_2". dh_paramgen_type:value DH . 0 1 2 3 type "generator" "fips186_2" "fips186_4" "group". digest:digest . sha1 sha224 sha256. qbits qbits. q sha1 q 160 sha224 224 sha256 256. "fips186_4" "fips186_2". properties:query query digest . "fips186_4" "fips186_2". gindex:index g. 0..255 . . index g. g . -1. "fips186_4" "fips186_2". hexseed:seed seed . . . "fips186_4" "fips186_2". EC EC . " EC" . genpkey (ENGINE). RSA : openssl genpkey -algorithm RSA -out key.pem AES 128 "hello": openssl genpkey -algorithm RSA -out key.pem -aes-128-cbc -pass pass:hello RSA 2048 3 : openssl genpkey -algorithm RSA -out key.pem \ -pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3 DSA 2048 : gindex seed pem ). openssl genpkey -genparam -algorithm DSA -out dsap.pem -pkeyopt pbits:2048 \ -pkeyopt qbits:224 -pkeyopt digest:SHA256 -pkeyopt gindex:1 -text DSA : openssl genpkey -paramfile dsap.pem -out dsakey.pem DH 4096 ffdhe4096: openssl genpkey -algorithm DH -out dhkey.pem -pkeyopt group:ffdhe4096 X9.42 DH 2048 256 RFC5114 group3: openssl genpkey -algorithm DHX -out dhkey.pem -pkeyopt dh_rfc5114:3 DH DH: openssl genpkey -paramfile dhp.pem -out dhkey.pem DH ffdhe2048: openssl genpkey -genparam -algorithm DH -out dhp.pem -pkeyopt group:ffdhe2048 X9.42 DH 2048 224 RFC5114 group2: openssl genpkey -genparam -algorithm DHX -out dhp.pem -pkeyopt dh_rfc5114:2 X9.42 DH 2048 224 FIP186-4: openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \ -pkeyopt pbits:2048 -pkeyopt qbits:224 -pkeyopt digest:SHA256 \ -pkeyopt gindex:1 -pkeyopt dh_paramgen_type:2 X9.42 DH 1024 160 FIP186-2: openssl genpkey -genparam -algorithm DHX -out dhp.pem -text \ -pkeyopt pbits:1024 -pkeyopt qbits:160 -pkeyopt digest:SHA1 \ -pkeyopt gindex:1 -pkeyopt dh_paramgen_type:1 DH 2048 : openssl genpkey -genparam -algorithm DH -out dhp.pem \ -pkeyopt dh_paramgen_prime_len:2048 DH 2048 : openssl genpkey -genparam -algorithm DH -out dhpx.pem \ -pkeyopt dh_paramgen_prime_len:2048 \ -pkeyopt dh_paramgen_type:1 EC: openssl genpkey -genparam -algorithm EC -out ecp.pem \ -pkeyopt ec_paramgen_curve:secp384r1 \ -pkeyopt ec_param_enc:named_curve EC : openssl genpkey -paramfile ecp.pem -out eckey.pem EC : openssl genpkey -algorithm EC -out eckey.pem \ -pkeyopt ec_paramgen_curve:P-384 \ -pkeyopt ec_param_enc:named_curve X25519 : openssl genpkey -algorithm X25519 -out xkey.pem ED448 : openssl genpkey -algorithm ED448 -out xkey.pem ML-DSA-65 : openssl genpkey -algorithm ML-DSA-65 -out ml-dsa-key.pem ML-KEM-768 : openssl genpkey -algorithm ML-KEM-768 -out ml-kem-key.pem NIST EC 1.0.2 OpenSSL. X25519 1.1.0 OpenSSL. X448 ED25519 ED448 1.1.1 OpenSSL. -engine OpenSSL 3.0. ML-DSA ML-KEM 3.5 OpenSSL. 2006-2025 OpenSSL. . Apache 2.0 ( ""). . LICENSE . 3 . . : . 3.6.2 7 2026 OPENSSL-GENPKEY(1ssl)