Creating a private key

A private key is the base for creating digital signatures.

About this task

There are different cryptographic algorithms and key parameters that influence the format of the private key and resulting signatures. Take care to choose key parameters that are compatible with both IBM Z® secure boot firmware and Linux® kernel module verification.

The common key format used for Linux digital signatures is RSA with a key length of 2048 bits. This format is also supported by IBM Z firmware.

Procedure

Use the openssl genpkey command to create a private key.

For example, issue:

$ openssl genpkey -algorithm RSA \
                  -pkeyopt rsa_keygen_bits:2048 \
                  -out private-key.pem

The above example generates a new private key using the RSA algorithm with key length of 2048 bits, and stores the result in a file named private-key.pem.

What to do next

You can now use the private key for a self-signed certificate, see Creating a self-signed certificate.