Determining the Key Size Using OpenSSL

Last updated: March 18, 2024

Reviewed by: Grzegorz Piwowarek
Baeldung Pro – Linux – NPI EA (cat = Baeldung on Linux)
announcement - icon

Learn through the super-clean Baeldung Pro experience:

>> Membership and Baeldung Pro.

No ads, dark-mode and 6 months free of IntelliJ Idea Ultimate to start with.

Partner – Orkes – NPI EA (tag=Kubernetes)
announcement - icon

Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.

Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.

With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.

Try a 14-Day Free Trial of Orkes Conductor today.

1. Introduction

In today’s digital world, protecting data from unauthorized access is critical. We use encryption to ensure data security amidst the ever-increasing amount of data being generated and shared. Encryption transforms plaintext data into ciphertext that only someone with the appropriate decryption key can decipher.

The key size used in encryption plays a vital role in determining the strength of the encryption. A larger key size makes it more difficult for an attacker to crack the encryption and access the plaintext data. Therefore, it’s crucial to use encryption keys of appropriate strength to ensure the security of the data.

In this article, we’ll dive into how to determine the key size using OpenSSL, generate new keys of a specific size, and ensure we create encryption keys of appropriate strength to protect our data.

2. Determining Key Size

OpenSSL provides a simple command-line tool, openssl, that can be used to determine the key size of a particular encrypted file or message. We can also use the tool to generate new keys of a specified size.

Let’s see how to determine the key size of an existing file or message:

$ openssl rsa -in private.key -text -noout

Private-Key: (2048 bit)
modulus:
    00:9e:83:ae:6d:4f:4f:4a:2b:e4:52:28:2c:e6:72:
    ...

In the above output, we can see that the private key has a size of 2048 bits. This means that the corresponding public key, which is used for encryption, will also have a size of 2048 bits.

Similarly, we can determine the key size of a symmetric key:

$ openssl rsautl -decrypt -inkey private.key -in message.enc.rsa -out message.dec
0000 - 48 65 6c 6c 6f 2c 20 77 6f 72 6c 64 21           - Hello, world!

This command will decrypt the specified message using a symmetric key and then decrypt the symmetric key using the specified private key. The output will include information about the decrypted symmetric key, including its size.

3. Generating Keys of a Specific Size

In addition to determining the key size of existing keys, OpenSSL can also be used to generate new keys of a specified size. Let’s use the openssl command to generate a new private key with a key size of 2048 bits:

$ openssl genrsa -out private.key 2048

Generating RSA private key, 2048 bit long modulus
..........................................................................................................................................................................................................................................................................+++
....................+++
e is 65537 (0x10001)

This output indicates that the openssl genrsa command has successfully generated an RSA private key with a modulus length of 2048 bits. The dots indicate the progress of the key generation process, and the +++ indicates that the process has completed. The value of e (the public exponent) is also shown, with a default value of 65537.Finally, the program saves the private key to a file named private.key.

Similarly, to generate a new symmetric key with a key size of 256 bits, we can run:

$ openssl rand -base64 32 > key.bin

This command will generate a new random binary key of 32 bytes (256 bits) and save it to the file key.bin. We can then use this key to encrypt and decrypt messages. We can see the result of this command with the cat command:

$ cat key.bin
MzM0NjY5MzY5ODM0Njg1MzQ1NjY4NTM0NjkzNjg1MzQ=

4. Conclusion

Determining the key size of encryption keys is an important aspect of data security. The OpenSSL command-line tool offers a straightforward way to determine the key size of existing keys and generate new keys of a specified size. Using this tool, we can ensure that we create encryption keys of appropriate strength and secure our data against unauthorized access.