PolarSSL is now part of ARM Official announcement and rebranded as mbed TLS.

Generating public and private key

Dec 2, 2016 03:20

I'm new to SSL/TLS. I'm trying to generate the public and private key using gen_key application that came with mbed TLS. I found this link below:


Following the instruction above, I typed:

./gen_key type=rsa rsa_keysize=4096 filename=private.key format=pem

Once the program finished, I found that I have private.key file, but could not find private.pub file any where. Please let me know where the public key file is, or how to generate the public key.

Thanks, Trip

Dec 2, 2016 18:35

Please ignore. I figured it out.

Dec 5, 2016 09:13

Hello Trip,

Maybe it is nice if you post to the forum what you did to figure it out, when someone has a similar question they don't have to post it to the forum again. Knowledge sharing is all this forum should be about!


Regards, Mark

Dec 8, 2016 01:18

gen_key does not generate both public and private key, it only generates the private key. Using the private key, we would request a certificate. The public key is then created in the certificate. At least that's my understanding.

Dec 8, 2016 12:28
Andres Amaya Garcia

Hi Trip,

The application mbedtls/programs/pkey/gen_key is a utility that can help to easily generate EC or RSA keys in PEM or DER format. This application will only output a private key file, and the public key can be computed by simply decoding information and doing the necessary arithmetic.

To generate both private and public key files in a specific format, an application can be written using the mbed TLS library. Alternatively, if the format is not important, the tool at programs/pkey/rsa_genkey generates both public and private 2048-bit RSA key files in plain text format. This rsa_genkey is also simpler and can be used as a starting point for software with specific requirements.

I hope this information is helpful.

Kind regards, Andres AG, mbed TLS Team Member

Dec 8, 2016 16:44

Thanks, Andres. Certainly very helpful information.

Aug 11, 2017 16:04

Hi Andres,

Thank you for information. I have one question.

Can we generate the public and private key of 1024 bits by using rsa_genkey.c file. I will wait for your valuable reply.

Thanks & Regards, Abhishek Shah

Aug 13, 2017 07:55
Ron Eldor

Hi Abhishek,
rsa_genkey is a sample application to show how to generate an rsa key pair. In order for you to generate a 1024 rsa key, all you need to do is modify in rsa_genkey.c the value of KEY_SIZE from 2048 to 1024.
Having said that, note that RSA with 1024bit key size has been deprecated and considered now as non-secure, so it is not recommended to use this key size.
mbed TLS Team member