openssl genrsa -des3 -out private.pem 2048
openssl rsa -in private.pem -outform PEM -pubout -out public.pem
-pubout
flag is really important. Be sure to include it.public.pem
and ensure that it starts with-----BEGIN PUBLIC KEY-----
. This is how you know that this file is thepublic key of the pair and not a private key.less
command, like this:less public.pem
openssl rsa -in private.pem -out private_unencrypted.pem -outform PEM
-pubout
was dropped from the end of the command.That changes the meaning of the command from that of exporting the public keyto exporting the private key outside of its encrypted wrapper. Inspecting theoutput file, in this case private_unencrypted.pem
clearly shows that the keyis a RSA private key as it starts with -----BEGIN RSA PRIVATE KEY-----
.-----BEGIN RSA PRIVATE KEY-----
or -----BEGIN PUBLIC KEY-----
.less private.pem
to verify that it starts with a -----BEGIN RSA PRIVATE KEY-----
less public.pem
to verify that it starts with a -----BEGIN PUBLIC KEY-----