How to generate keys in PEM formatusing the OpenSSL command line tools?

RSA keys

1. How to Generate & Use Private Keys using OpenSSL's Command Line Tool These commands generate and use private keys in unencrypted binary (not Base64 “PEM”) PKCS#8 format. The PKCS#8 format is used here because it is the most interoperable format when dealing with software that isn't based on OpenSSL.
2. Reasons for importing keys include wanting to make a backup of a private key (generated keys are non-exportable, for security reasons), or if the private key is provided by an external source. This document will guide you through using the OpenSSL command line tool to generate a key pair which you can then import into a YubiKey.

The JOSE standard recommends a minimum RSA key size of 2048 bits.

To generate a 2048-bit RSA private + public key pair for use in RSxxx and PSxxxsignatures:

Elliptic Curve keys

Mar 15, 2012  Demonstration of using OpenSSL to create RSA public/private key pair, sign and encrypt messages using those keys and then decrypt and verify the received messages. Commands used: openssl.

To generate an EC key pair the curve designation must be specified. Note thatJOSE ESxxx signatures require P-256, P-384 and P-521 curves (see theircorresponding OpenSSL identifiers below).

Elliptic Curve private + public key pair for use with ES256 signatures: Man in the mirror song download.

Elliptic Curve private + public key pair for use with ES384 signatures:

Elliptic Curve private + public key pair for use with ES512 signatures: /ms-office-standard-2010-product-key-generator.html.

PEM key parsing in Java

The BouncyCastle library provides a simpleutility to parse PEM-encoded keys in Java, to use them for JWS or JWE later.

For Maven you should include the following BouncyCastle dependencies (where1.52 is the latest stable version as of May 2015):

Generating Rsa Key Pair Using Openssl 1

Example parsing of an PEM-encoded EC key in Java: