step crypto keypair generates a raw public /
private keypair in PEM format. These keys can be used by other operations
to sign and encrypt data, and the public key can be bound to an identity
in a CSR and signed by a CA to produce a certificate.
Private keys are encrypted using a password. You'll be prompted for this
password automatically when the key is used.
The path to write the public key.
The path to write the private key.
The kty to build the certificate upon.
If unset, default is EC.
kty is a case-sensitive string and must be one of:
EC: Create an elliptic curve keypair
OKP: Create an octet key pair (for "Ed25519" curve)
RSA: Create an RSA keypair
The size (in bits) of the key for RSA and oct key types. RSA keys require a
minimum key size of 2048 bits. If unset, default is 2048 bits for RSA keys and 128 bits for oct keys.
The elliptic curve to use for EC and OKP key types. Corresponds
to the "crv" JWK parameter. Valid curves are defined in JWA [RFC7518]. If
unset, default is P-256 for EC keys and Ed25519 for OKP keys.
curve is a case-sensitive string and must be one of:
P-256: NIST P-256 Curve
P-384: NIST P-384 Curve
P-521: NIST P-521 Curve
Ed25519: Ed25519 Curve
Create a PEM representing the key encoded in an
existing jwk-file instead of creating a new key.
The path to the file containing the password to encrypt or decrypt the private key.
Do not ask for a password to encrypt a private key. Sensitive key material will
be written to disk unencrypted. This is not recommended. Requires --insecure flag.
Force the overwrite of files without asking.
This command returns 0 on success and >0 if any error occurs.
Create an RSA public / private key pair with 4096 bits: