RSA_GENERATE_KEY(3) | Library Functions Manual | RSA_GENERATE_KEY(3) |

`RSA_generate_key_ex`

,
`RSA_generate_key`

— generate
RSA key pair

```
#include
<openssl/rsa.h>
```

`int`

`RSA_generate_key_ex`

(`RSA *rsa`,
`int bits`, `BIGNUM *e`,
`BN_GENCB *cb`);

Deprecated:

`RSA *`

`RSA_generate_key`

(`int num`,
`unsigned long e`, `void (*callback)(int,
int, void *)`, `void *cb_arg`);

`RSA_generate_key_ex`

()
generates a key pair and stores it in `rsa`.

The modulus size will be of length `bits`, and
the public exponent will be `e`. Key sizes with
`num` < 1024 should be considered insecure. The
exponent is an odd number, typically 3, 17 or 65537.

A callback function may be used to provide feedback about the
progress of the key generation. If `cb` is not
`NULL`

, it will be called as follows using the
BN_GENCB_call(3) function:

- While a random prime number is generated, it is called as described in BN_generate_prime(3).
- When the
`n`-th randomly generated prime is rejected as not suitable for the key,`BN_GENCB_call`

(`cb`,`2`,`n`) is called. - When a random p has been found with p-1 relatively prime to
`e`, it is called as`BN_GENCB_call`

(`cb`,`3`,`0`).

The process is then repeated for prime q with
`BN_GENCB_call`

(`cb`,
`3`, `1`).

`RSA_generate_key`

()
is deprecated. New applications should use
`RSA_generate_key_ex`

() instead.
`RSA_generate_key`

() works in the same way as
`RSA_generate_key_ex`

() except it uses "old
style" call backs. See
BN_generate_prime(3) for
further details.

`RSA_generate_key_ex`

() returns 1 on success
or 0 on error. `RSA_generate_key`

() returns the key on
success or `NULL`

on error.

The error codes can be obtained by ERR_get_error(3).

BN_generate_prime(3), RSA_get0_key(3), RSA_meth_set_keygen(3), RSA_new(3)

`RSA_generate_key`

() appeared in SSLeay 0.4
or earlier and had its `cb_arg` argument added in SSLeay
0.9.0. It has been available since OpenBSD 2.4.

`RSA_generate_key_ex`

() first appeared in
OpenSSL 0.9.8 and has been available since OpenBSD
4.5.

`BN_GENCB_call`

(`cb`,
`2`, `x`) is used with two different
meanings.

`RSA_generate_key`

() goes into an infinite
loop for illegal input values.

June 10, 2019 | OpenBSD-current |