1=pod
2
3=head1 NAME
4
5RSA_generate_key_ex, RSA_generate_key,
6RSA_generate_multi_prime_key - generate RSA key pair
7
8=head1 SYNOPSIS
9
10 #include <openssl/rsa.h>
11
12 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
13 int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
14
15Deprecated:
16
17 #if OPENSSL_API_COMPAT < 0x00908000L
18 RSA *RSA_generate_key(int bits, unsigned long e,
19                       void (*callback)(int, int, void *), void *cb_arg);
20 #endif
21
22=head1 DESCRIPTION
23
24RSA_generate_key_ex() generates a 2-prime RSA key pair and stores it in the
25B<RSA> structure provided in B<rsa>. The pseudo-random number generator must
26be seeded prior to calling RSA_generate_key_ex().
27
28RSA_generate_multi_prime_key() generates a multi-prime RSA key pair and stores
29it in the B<RSA> structure provided in B<rsa>. The number of primes is given by
30the B<primes> parameter. The random number generator must be seeded when
31calling RSA_generate_multi_prime_key().
32If the automatic seeding or reseeding of the OpenSSL CSPRNG fails due to
33external circumstances (see L<RAND(7)>), the operation will fail.
34
35The modulus size will be of length B<bits>, the number of primes to form the
36modulus will be B<primes>, and the public exponent will be B<e>. Key sizes
37with B<num> E<lt> 1024 should be considered insecure. The exponent is an odd
38number, typically 3, 17 or 65537.
39
40In order to maintain adequate security level, the maximum number of permitted
41B<primes> depends on modulus bit length:
42
43   <1024 | >=1024 | >=4096 | >=8192
44   ------+--------+--------+-------
45     2   |   3    |   4    |   5
46
47A callback function may be used to provide feedback about the
48progress of the key generation. If B<cb> is not B<NULL>, it
49will be called as follows using the BN_GENCB_call() function
50described on the L<BN_generate_prime(3)> page.
51
52RSA_generate_key() is similar to RSA_generate_key_ex() but
53expects an old-style callback function; see
54L<BN_generate_prime(3)> for information on the old-style callback.
55
56=over 2
57
58=item *
59
60While a random prime number is generated, it is called as
61described in L<BN_generate_prime(3)>.
62
63=item *
64
65When the n-th randomly generated prime is rejected as not
66suitable for the key, B<BN_GENCB_call(cb, 2, n)> is called.
67
68=item *
69
70When a random p has been found with p-1 relatively prime to B<e>,
71it is called as B<BN_GENCB_call(cb, 3, 0)>.
72
73=back
74
75The process is then repeated for prime q and other primes (if any)
76with B<BN_GENCB_call(cb, 3, i)> where B<i> indicates the i-th prime.
77
78=head1 RETURN VALUES
79
80RSA_generate_multi_prime_key() returns 1 on success or 0 on error.
81RSA_generate_key_ex() returns 1 on success or 0 on error.
82The error codes can be obtained by L<ERR_get_error(3)>.
83
84RSA_generate_key() returns a pointer to the RSA structure or
85B<NULL> if the key generation fails.
86
87=head1 BUGS
88
89B<BN_GENCB_call(cb, 2, x)> is used with two different meanings.
90
91=head1 SEE ALSO
92
93L<ERR_get_error(3)>, L<RAND_bytes(3)>, L<BN_generate_prime(3)>,
94L<RAND(7)>
95
96=head1 HISTORY
97
98RSA_generate_key() was deprecated in OpenSSL 0.9.8; use
99RSA_generate_key_ex() instead.
100
101=head1 COPYRIGHT
102
103Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
104
105Licensed under the OpenSSL license (the "License").  You may not use
106this file except in compliance with the License.  You can obtain a copy
107in the file LICENSE in the source distribution or at
108L<https://www.openssl.org/source/license.html>.
109
110=cut
111