What are public and private keys - Certificate Management Service

This topic explains the core concepts of public keys and private keys in asymmetric encryption. It also shows you how to use OpenSSL and Keytool to create an RSA private key that meets the requirements of Alibaba Cloud Certificate Management Service and generate a Certificate Signing Request (CSR) file for a certificate application.

Definition of public and private keys

A public key and a private key are a key pair generated by an asymmetric encryption algorithm. This pair has these core characteristics:

Unique pairing
- The public key and private key are generated as an interconnected, inseparable pair.
- Data encrypted with the public key can be decrypted only with the matching private key.
- Data signed with the private key can only be verified with the matching public key.
Distinct responsibilities
- Public key: Shared publicly to encrypt data and verify signatures.
- Private key: Kept confidential to decrypt data and create signatures.
Applications in SSL/TLS
- Key exchange: Securely transmits the session key used for symmetric encryption.
- Authentication: Proves that the server possesses the private key that matches the certificate.
- Digital signature: Ensures data integrity and authenticates the source.

Important

The private key is the core of the security system. If the private key is compromised, all encrypted communications are no longer secure. For details about how private keys are protected, see How does Certificate Management Service protect private keys?.

How public keys, private keys, and SSL certificates work together

A secure SSL/TLS communication channel is established in five steps:

Certificate presentation
The server sends its SSL certificate to the client. The certificate contains:
- The server's public key
- Identity information, such as the domain name
- The CA's digital signature
- The certificate's validity period
Certificate verification (client-side)
- Whether the certificate was issued by a trusted Certificate Authority (CA).
  Note
  This verification process relies on the trusted root certificate store pre-installed in the client's operating system or browser. The client verifies the certificate chain in order (server certificate → intermediate certificate → root certificate). The server certificate is trusted if the chain traces back to a trusted root certificate in the local store.
- Whether the certificate is within its validity period
- Whether the certificate's domain name matches the domain being accessed
Private key proof
The server proves it owns the private key in one of these ways:
- RSA key exchange: The server uses its private key to decrypt the pre-master secret sent by the client.
- DH/ECDH key exchange: The server uses its private key to sign the ServerKeyExchange message.
- TLS 1.3: The server uses its private key to sign the CertificateVerify message.
Session key negotiation
Both parties use the exchanged information to generate an identical session key for symmetric encryption.
Encrypted communication
All subsequent data is transmitted using the session key for symmetric encryption, ensuring both efficiency and security.

Create a private key

Alibaba Cloud Certificate Management Service requires that private keys meet these conditions:

Encryption algorithm: RSA
Key length: At least 2048 bits

You can create a private key in one of the following ways as needed:

Note

If you are purchasing a certificate from Alibaba Cloud Certificate Management Service, we recommend selecting Automatic for the CSR Generation when you purchase, create, or apply for the certificate. You do not need to create a private key or CSR file.

Generate a new private key

This method is ideal for non-Java environments, such as Nginx or Apache, or when you need to generate a key from scratch.

Download and install the OpenSSL tool.
Obtain the installation package from OpenSSL.
Note
Ensure you are using a recent, stable version of OpenSSL (such as 1.1.1 or 3.x). Outdated versions may contain known security vulnerabilities. Check your current version by running the openssl version command in your terminal.

Generate the private key file.

Run one of the following commands to create a PEM-formatted RSA private key file named myprivate.pem that uses a specified key length.

# Generate a 2048-bit key
openssl genrsa -out myprivate.pem 2048

# Generate a more secure 4096-bit key
openssl genrsa -out myprivate.pem 4096

# Generate a password-protected private key (recommended for high-security scenarios)
openssl genrsa -aes256 -out myprivate.pem 4096

Extract a private key from an existing Java Keystore (JKS)

Use this method if you have a key pair in a JKS file and need to export the private key in PEM format, for example, to configure non-Java environments like Nginx, Apache, or a Content Delivery Network (CDN). You can use one of two methods to export the key.

Use the Alibaba Cloud certificate format conversion tool

Alibaba Cloud Certificate Management Service provides a free online tool to convert a JKS Keystore to PEM-formatted private key and certificate files in a single step. For details, see How do I convert the format of a certificate?.

Use the OpenSSL Command Line Interface (CLI)

Convert the JKS format to PKCS12 format.

The keytool cannot directly export a private key to PEM format. However, you can first convert it to the more universal PKCS12 (.p12) format. Run the following command. You will be prompted to enter the source JKS password and a new password for the destination PKCS12 file.

# -srckeystore mydomain.jks   : Specifies the source Java Keystore (JKS) filename.
# -destkeystore mydomain.p12  : Specifies the name of the destination PKCS12 file to be generated.
# -srcalias mydomain          : Specifies the original alias of the private key entry in the JKS keystore. Replace mydomain with your actual alias.
# -destalias mydomain         : Specifies the destination alias for the key entry in the new P12 file (usually the same as the source alias).
keytool -importkeystore -srckeystore mydomain.jks -destkeystore mydomain.p12 -deststoretype PKCS12 -srcalias mydomain -destalias mydomain

Extract the PEM-formatted private key from the PKCS12 file.
If OpenSSL is not installed, obtain the installation package from OpenSSL.
Note
Ensure that you are using a recent, stable version of OpenSSL (such as 1.1.1 or 3.x). Outdated versions may contain known security vulnerabilities. Check your current version by running the openssl version command in your terminal.
Use openssl to extract the unencrypted, PEM-formatted private key from the .p12 file created in the previous step. Run the following command. You will be prompted to enter the password for the PKCS12 file that you set in the previous step.
```
# The myprivate.pem file is the final private key file you need.
# -nodes: Do not encrypt the output private key.
# -nocerts: Do not output certificates, only the private key.

# For OpenSSL 1.1.1 and earlier:
openssl pkcs12 -in mydomain.p12 -nodes -nocerts -out myprivate.pem

# For OpenSSL 3.0 and later, use the -legacy option for compatibility with older keystores.
openssl pkcs12 -in mydomain.p12 -nodes -nocerts -out myprivate.pem -legacy
```

The exported private key file is a PEM-encoded text file. Its content is typically represented in one of the following two formats:

PKCS#1

The PKCS#1 format is part of the RSA cryptography standard and defines the syntax for RSA public and private keys. The header of its private key File is -----BEGIN RSA PRIVATE KEY-----.

-----BEGIN RSA PRIVATE KEY-----
(Base64-encoded key content)
-----END RSA PRIVATE KEY-----

PKCS#8

PKCS#8 is a more general syntax standard for private key information and can contain private keys for different algorithms, such as RSA and ECC. The header of its private key File is -----BEGIN PRIVATE KEY-----.

-----BEGIN PRIVATE KEY-----
(Base64-encoded key content)
-----END PRIVATE KEY-----

Note

Always store your private key file securely. If a private key is lost or compromised, any data encrypted with the corresponding public key is at risk of being compromised, and the associated digital certificate is rendered invalid.

Create a CSR

To use a self-created private key when purchasing, creating, or applying for a certificate in Certificate Management Service, follow these steps:

Create a CSR file.
Run the following command to create a CSR file from your private key. The command prompts you to enter the required information, such as country, state or province, city, organization, and Common Name (CN). The command generates your CSR file, named mydomain.csr.
Note
The CN must exactly match the domain name for which you are applying for the certificate, such as www.aliyun.com.
```
# -key myprivate.pem: Specifies the private key file you generated in the previous step.
# -out mydomain.csr: Specifies the name of the generated CSR file.
openssl req -new -key myprivate.pem -out mydomain.csr
```
Use the CSR file created in the previous step.
When applying for the certificate, select Manual for the CSR Generation and paste the contents of your CSR file. For details, see Purchase a commercial certificate, Create an SSL certificate, and Submit an application to a Certificate Authority (CA).