LFCS Question #423: Real Exam Question with Answer & Explanation

The correct answer is B: openssl genrsa out privkey.pem 2048. The openssl genrsa command is used to generate an RSA private key, and specifying the output file and bit length without encryption options creates an unencrypted key.

Submitted by ravi_2018· Apr 18, 2026Essential Commands

Question

What openssl command will generate a private RSA key of 2048 bits and no passphrase?

Options

Aopenssl genrsa des3 out privkey.pem 2048
Bopenssl genrsa out privkey.pem 2048
Copenssl genrsa nopass out privkey.pem 2048
Dopenssl genrsa nopass des3 out privkey.pem 2048

Explanation

The openssl genrsa command is used to generate an RSA private key, and specifying the output file and bit length without encryption options creates an unencrypted key.

Common mistakes.

A. The des3 option encrypts the private key with a passphrase using the DES3 algorithm, which contradicts the requirement for "no passphrase."
C. The nopass option is typically used with openssl rsa to remove a passphrase from an existing key, or in contexts where an encryption algorithm is implicitly chosen; for genrsa, omitting encryption options already defaults to no passphrase.
D. This option includes both nopass and des3, which are contradictory; des3 encrypts with a passphrase, making nopass irrelevant or leading to an error.

Concept tested. OpenSSL RSA private key generation without passphrase

Reference. https://www.openssl.org/docs/manmaster/man1/genrsa.html

Topics

#openssl#RSA private key#Key generation#Command-line utilities

Community Discussion

No community discussion yet for this question.

Full LFCS Practice Browse All LFCS Questions