NAME

RSA_generate_key_ex, RSA_generate_key — generate RSA key pair

SYNOPSIS

#include <openssl/rsa.h>

int
RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);

Deprecated:

RSA *
RSA_generate_key(int num, unsigned long e, void (*callback)(int, int, void *), void *cb_arg);

DESCRIPTION

RSA_generate_key_ex() generates a key pair and stores it in rsa.

The modulus size will be of length bits, and the public exponent will be e. Key sizes with num < 1024 should be considered insecure. The exponent is an odd number, typically 3, 17 or 65537.

A callback function may be used to provide feedback about the progress of the key generation. If cb is not NULL, it will be called as follows using the BN_GENCB_call(3) function:

• While a random prime number is generated, it is called as described in BN_generate_prime(3).
• When the n-th randomly generated prime is rejected as not suitable for the key, BN_GENCB_call(cb, 2, n) is called.
• When a random p has been found with p-1 relatively prime to e, it is called as BN_GENCB_call(cb, 3, 0).

The process is then repeated for prime q with BN_GENCB_call(cb, 3, 1).

RSA_generate_key() is deprecated. New applications should use RSA_generate_key_ex() instead. RSA_generate_key() works in the same way as RSA_generate_key_ex() except it uses "old style" call backs. See BN_generate_prime(3) for further details.

RETURN VALUES

RSA_generate_key_ex() returns 1 on success or 0 on error. RSA_generate_key() returns the key on success or NULL on error.

The error codes can be obtained by ERR_get_error(3).

SEE ALSO

BN_generate_prime(3), RSA_get0_key(3), RSA_meth_set_keygen(3), RSA_new(3)

HISTORY

RSA_generate_key() appeared in SSLeay 0.4 or earlier and had its cb_arg argument added in SSLeay 0.9.0. It has been available since OpenBSD 2.4.

RSA_generate_key_ex() first appeared in OpenSSL 0.9.8 and has been available since OpenBSD 4.5.

BUGS

BN_GENCB_call(cb, 2, x) is used with two different meanings.

RSA_generate_key() goes into an infinite loop for illegal input values.