Generate 4096-bit RSA key:
openssl genrsa -out private.key 4096
With passphrase protection:
openssl genrsa -aes256 -out private.key 4096
Generate EC key with P-256 curve:
openssl ecparam -genkey -name prime256v1 -out private.key
List available curves:
openssl ecparam -list_curves
From RSA private key:
openssl rsa -in private.key -pubout -out public.key
From EC private key:
openssl ec -in private.key -pubout -out public.key
RSA key:
openssl rsa -in private.key -text -noout
EC key:
openssl ec -in private.key -text -noout
PEM to DER:
openssl rsa -in private.key -outform DER -out private.der
DER to PEM:
openssl rsa -in private.der -inform DER -outform PEM -out private.key
openssl rsa -in encrypted.key -out decrypted.key
openssl rsa -in decrypted.key -aes256 -out encrypted.key
# Compare modulus (should match)
openssl rsa -in private.key -modulus -noout | openssl md5
openssl x509 -in cert.pem -modulus -noout | openssl md5