what are public and private keys - Certificate Management Service

This topic explains the core concepts of public and private keys in asymmetric key encryption and how they work. It also shows you how to use the OpenSSL and Keytool command line interfaces (CLIs) to create an RSA private key that meets the requirements of Alibaba Cloud Certificate Management Service and a Certificate Signing Request (CSR) file to submit for a certificate application.

Definition of public and private keys

A public key and a private key are a key pair generated by an asymmetric encryption algorithm. The key pair has the following core attributes:

Unique pairing
- The public key and private key are generated as an inseparable pair.
- Data encrypted with the public key can be decrypted only with the matching private key.
- Data signed with the private key can be verified only with the matching public key.
Distinct responsibilities
- Public key: Shared publicly to encrypt data and verify signatures.
- Private key: Kept strictly confidential to decrypt data and create signatures.
Applications in SSL/TLS
- Key exchange: Securely transmits the session key used for symmetric encryption.
- Identity verification: Proves that the server possesses the private key that matches the certificate.
- Digital signature: Ensures data integrity and authenticates the source.

Important

The private key is the core of the security system. If the private key is compromised, all encrypted communications are no longer secure. For more information about how private keys are protected, see How does Certificate Management Service protect private keys?.

How public keys, private keys, and SSL certificates work together

A secure SSL/TLS communication channel is established in five steps:

Certificate presentation
The server sends its SSL Certificate to the client. The certificate contains:
- The server's public key
- Identity information, such as the domain name
- The CA's digital signature
- The certificate validity period
Certificate verification (client-side)
- The client checks whether the certificate was issued by a trusted certification authority (CA).
  Note
  This verification process relies on the trusted root certificate store pre-installed in the client's operating system or browser. The client verifies the certificate chain in the following order: server certificate, intermediate certificate, and root certificate. The server certificate is trusted if the chain can be traced back to a trusted root certificate in the local store.
- The client checks whether the certificate is within its validity period.
- The client checks whether the certificate's domain name matches the endpoint being accessed.
Private key proof
The server proves that it owns the private key in one of the following ways:
- RSA key exchange: The server uses its private key to decrypt the pre-master secret sent by the client.
- DH/ECDH key exchange: The server uses its private key to sign the ServerKeyExchange message.
- TLS 1.3: The server uses its private key to sign the CertificateVerify message.
Session key negotiation
Both parties use the exchanged information to generate an identical session key for symmetric encryption.
Encrypted communication
All subsequent data is encrypted using the session key for symmetric encryption. This ensures both efficiency and security.

Create a private key

Alibaba Cloud SSL Certificate Service requires that private keys meet the following conditions:

Encryption algorithm: RSA
Key length: At least 2048 bits

You can create a private key in one of the following ways as needed:

Note

If you purchase a certificate from Alibaba Cloud Certificate Management Service, set CSR Generation to Automatic when you purchase, create, or apply for the certificate. In this case, you do not need to create a private key or a CSR file.

Generate a new private key

This method is ideal for most non-Java environments, such as Nginx or Apache, or when you need to generate a key from scratch.

Obtain and install the OpenSSL tool.
Obtain the installation package from the OpenSSL website.
Note
Ensure that you are using an officially supported, stable version of OpenSSL, such as 1.1.1 or 3.x. Outdated versions may contain known security vulnerabilities. You can check your current version by running the openssl version command in your terminal.

Generate the private key file.

The following commands create a PEM-formatted private key file named myprivate.pem that uses the RSA algorithm and a specified key length. Run only one of the following commands to generate the private key based on your security requirements.

# Generate a 2048-bit key
openssl genrsa -out myprivate.pem 2048

# Generate a more secure 4096-bit key
openssl genrsa -out myprivate.pem 4096

# Generate a password-protected private key (recommended for high-security scenarios)
openssl genrsa -aes256 -out myprivate.pem 4096

Extract a private key from an existing Java Keystore (JKS)

Use this method if you have a key pair stored in a Java Keystore (.jks file) using keytool and need to export the private key in PEM format. For example, you may need to do this to configure non-Java environments such as Nginx, Apache, or CDN. You can use one of the following methods to export the key.

Use the Alibaba Cloud certificate format conversion tool

Alibaba Cloud Certificate Management Service provides a free online tool to convert a JKS keystore to PEM-formatted private key and certificate files in a single step. For more information, see Convert the format of a certificate.

Use the OpenSSL command line interface

Convert the JKS format to PKCS12 format.

The keytool CLI cannot directly export a private key to PEM format. However, you can first convert it to the more universal PKCS12 (.p12) format. Run the following command. You will be prompted to enter the source JKS keystore password and a new password for the destination PKCS12 file.

# -srckeystore mydomain.jks   : Specifies the source Java Keystore (JKS) filename.
# -destkeystore mydomain.p12  : Specifies the name of the destination PKCS12 file to be generated.
# -srcalias mydomain          : Specifies the original alias of the private key entry in the JKS keystore. Replace mydomain with your actual alias.
# -destalias mydomain         : Specifies the destination alias for the key entry in the new P12 file. This is usually the same as the source alias.
keytool -importkeystore -srckeystore mydomain.jks -destkeystore mydomain.p12 -deststoretype PKCS12 -srcalias mydomain -destalias mydomain

Extract the PEM-formatted private key from the PKCS12 file.
If OpenSSL is not installed, obtain the installation package from the OpenSSL website and install it.
Note
Ensure that you are using an officially supported, stable version of OpenSSL, such as 1.1.1 or 3.x. Outdated versions may contain known security vulnerabilities. You can check your current version by running the openssl version command in your terminal.
Use the openssl CLI to extract the unencrypted, PEM-formatted private key from the .p12 file created in the previous step. Run the following command. You will be prompted to enter the password for the PKCS12 file that you set in the previous step.
```
# The myprivate.pem file is the final private key file that you need.
# -nodes: Do not encrypt the output private key.
# -nocerts: Do not output certificates, only the private key.

# For OpenSSL 3.0 and later, add the -legacy parameter if you encounter backward compatibility issues.
openssl pkcs12 -in mydomain.p12 -nodes -nocerts -out myprivate.pem

# If an "unsupported algorithm" error occurs or decryption fails in OpenSSL 3.x, try adding -legacy. Note: This enables deprecated encryption algorithms.
openssl pkcs12 -in mydomain.p12 -nodes -nocerts -out myprivate.pem -legacy
```

The exported private key file is a Privacy-Enhanced Mail (PEM) encoded text file. Its content is typically represented in one of the following two formats:

PKCS#1 format

The PKCS#1 format is part of the RSA cryptography standard and defines the syntax for RSA public and private keys. The header of the private key file is -----BEGIN RSA PRIVATE KEY-----.

-----BEGIN RSA PRIVATE KEY-----
(Base64-encoded key content)
-----END RSA PRIVATE KEY-----

PKCS#8 format

PKCS#8 is a more general syntax standard for private key information and can contain private keys for different algorithms, such as RSA and ECC. The header of the private key file is -----BEGIN PRIVATE KEY-----.

-----BEGIN PRIVATE KEY-----
(Base64-encoded key content)
-----END PRIVATE KEY-----

Note

Regardless of how it is generated, always store your private key file securely. If a private key is lost or compromised, any data encrypted with the corresponding public key is at risk of being decrypted, and the associated digital certificate is rendered unusable.

Create a Certificate Signing Request (CSR)

To use a self-created private key when you purchase, create, or apply for a certificate in Certificate Management Service, follow these steps:

Create a CSR file.
Use your private key to create a Certificate Signing Request (CSR) file. Run the following command. The command prompts you to enter the required information, such as country, state or province, city, organization, and Common Name. The command generates your CSR file, named mydomain.csr.
Note
The Common Name must exactly match the domain name for which you are applying for the certificate, such as www.aliyun.com.
```
# -key myprivate.pem: Specifies the private key file you generated in the previous step.
# -out mydomain.csr: Specifies the name of the generated CSR file.
openssl req -new -key myprivate.pem -out mydomain.csr
```
Use the CSR file created in the previous step.
When you purchase, create, or apply for a certificate, set CSR Generation to Manual and paste the content of your CSR file. For more information, see Purchase a commercial certificate, Create an SSL certificate, and Submit an application to a CA.