X.509: Private / Public Key

Question

We\'re trying to implement some functionality of a Web-Service from one of our partners. Now, the content which is beeing transmitted, should be encrypted with a public key,

Answer 1

Public key is stored inside of x.509 certificate. Certificate binds identity information (common name, address, whatever else) to this public key.

Answer 2

Create a private-public key pair.

openssl req -x509 -newkey rsa:2048 -keyout private.key -out public.cert -days 365

Optionally, combine the pair into a single file.

openssl pkcs12 -export -inkey private.key -in public.cert -out certificate.pfx

This results in the following files.

private.key
certificate.pfx
public.cert

See also

• https://www.openssl.org/docs/manmaster/apps/req.html
• https://www.openssl.org/docs/manmaster/apps/pkcs12.html
• https://serverfault.com/questions/9708/what-is-a-pem-file-and-how-does-it-differ-from-other-openssl-generated-key-file

Answer 3

The basics command line steps to generate a private and public key using OpenSSL are as follow

openssl genrsa -out private.key 1024
openssl req -new -x509 -key private.key -out publickey.cer -days 365
openssl pkcs12 -export -out public_privatekey.pfx -inkey private.key -in publickey.cer

Step 1 – generates a private key

Step 2 – creates a X509 certificate (.cer file) containing your public key which you upload when registering your private application (or upgrading to a partner application).

Step 3 – Export your x509 certificate and private key to a pfx file. If your chosen wrapper library uses the .pem file to sign requests then this step is not required.

Hope that helps! This answer explains the different file extensions.