How to generate a pair of RSA encryption keys for use in iOS (or elsewhere) using OpenSSL!

It took me too long to piece this information together, so I’m posting it here for posterity, and hopefully the Googles. There are 1000 ways to skin a cat with OpenSSL; however, these are at least proven to work within an iOS application via the Xcode libraries.

First, make sure you have a version of OpenSSL that is not of the Heartbleed variety. If you are using OS X’s built-in OpenSSL, you should be OK. Head to the Terminal (or CMD prompt) and get started:

OpenSSL commands:

  1. openssl genrsa -out rsaPrivateKey.pem 4096 (2048 is likely fine too – dealer's choice)
  2. openssl rsa -in rsaPrivateKey.pem -out rsaPrivateKey.key
  3. openssl req -new -key rsaPrivateKey.key -out rsaCertReq.crt (this step requires basic info, and iOS requires a password, so set one when it asks)
  4. openssl x509 -req -days 10000 -in rsaCertReq.crt -signkey rsaPrivateKey.key -out rsaCert.crt
  5. openssl x509 -outform der -in rsaCert.crt -out publicKey.der
  6. openssl pkcs12 -export -out privateKey.pfx -inkey rsaPrivateKey.key -in rsaCert.crt

In the end, the important files from an iOS standpoint are publicKey.der and privateKey.pfx.  You will use publicKey.der to encrypt data, and privateKey.pfx to decrypt.  I will eventually be posting Swift code later that shows how to use these keys in actual code.  For now, enjoy your keys!
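As an added example (not part of the original post), the six steps can be run without prompts and the two deliverables checked against each other: that publicKey.der and privateKey.pfx hold the same key pair, and that data encrypted with the first decrypts with the second. The subject name, password, function names and the 2048-bit size (chosen to keep the run short) are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post;
# the subject, password and function names are constructed for illustration.
export PFX_PASS='constructed-example-password'   # read via env:, kept off argv

build_keys() {   # $1 = output directory; the six steps, without prompts
  ( cd "$1" &&
    openssl genrsa -out rsaPrivateKey.pem 2048 &&
    openssl rsa -in rsaPrivateKey.pem -out rsaPrivateKey.key &&
    openssl req -new -key rsaPrivateKey.key -subj '/CN=example-ios-keys' \
        -out rsaCertReq.crt &&
    openssl x509 -req -days 10000 -in rsaCertReq.crt \
        -signkey rsaPrivateKey.key -out rsaCert.crt &&
    openssl x509 -outform der -in rsaCert.crt -out publicKey.der &&
    openssl pkcs12 -export -out privateKey.pfx -inkey rsaPrivateKey.key \
        -in rsaCert.crt -passout env:PFX_PASS
  ) >/dev/null 2>&1
}

# Hash of the public key derived from stdin; prints nothing and fails on bad input.
fp() { k=$(openssl pkey "$@" 2>/dev/null) && [ -n "$k" ] &&
       printf '%s\n' "$k" | openssl dgst -sha256 | awk '{print $NF}'; }
der_fp() { openssl x509 -inform der -in "$1/publicKey.der" -noout -pubkey | fp -pubin; }
pfx_fp() { openssl pkcs12 -in "$1/privateKey.pfx" -nocerts -nodes \
             -passin env:PFX_PASS 2>/dev/null | fp -pubout; }
keys_match() { a=$(der_fp "$1") && [ "$a" = "$(pfx_fp "$1")" ]; }

roundtrip() {   # $1 = directory, $2 = short message; prints the decrypted text
  ( cd "$1" && umask 077 &&
    openssl x509 -inform der -in publicKey.der -noout -pubkey > pub.pem &&
    openssl pkcs12 -in privateKey.pfx -nocerts -nodes -passin env:PFX_PASS \
        -out priv.pem 2>/dev/null &&
    printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey pub.pem \
        -pkeyopt rsa_padding_mode:oaep -out msg.bin &&
    openssl pkeyutl -decrypt -inkey priv.pem -pkeyopt rsa_padding_mode:oaep \
        -in msg.bin
    rc=$?; rm -f priv.pem pub.pem msg.bin; exit $rc )   # drop the plaintext key
}

work=$(mktemp -d) && build_keys "$work" || exit 1
keys_match "$work" && echo "publicKey.der matches privateKey.pfx"
echo "decrypted: $(roundtrip "$work" 'constructed test message')"
```

If Apple's importer rejects a privateKey.pfx written by OpenSSL 3.x, re-exporting it with the pkcs12 `-legacy` option restores the older default algorithms.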

