I have a keypair. How do I determine the key length?

Question

Using OpenSSL from the command line in Linux, is there some way to examine a key (either public or private) to determine the key size?

There are many different ways depending on the format of the keypair. Were you looking at a specific format? — Zoredache, Oct 27 '11 at 19:55
As a rule of thumb, the size (in bytes) of a .pem RSA private key is roughly 3/4 of the size of the key length (in bits) - e.g. a 4096-bit key might be roughly 3247 bytes. File sizes do vary though. — mwfearnley, Dec 03 '19 at 11:34

score 118 · Accepted Answer · edited Oct 27 '11 at 20:22

118

openssl rsa -in private.key -text -noout

The top line of the output will display the key size.

For example:

Private-Key: (2048 bit)

To view the key size from a certificate:

$ openssl x509 -in public.pem -text -noout | grep "RSA Public Key"
RSA Public Key: (2048 bit)

edited Oct 27 '11 at 20:22

MikeyB

answered Oct 27 '11 at 19:45

Shane Madden

1

And if he is using DSA, or something else. How about determining the key size from the public key(cert). – Zoredache Oct 27 '11 at 19:51
@Zoredache Yeah - I could have sworn the question said "private key" specifically; either I'm losing it or an edit beat the 5 minute timer. – Shane Madden Oct 27 '11 at 20:13
4

OpenSSL 1.0.1g 7 Apr 2014 format requires `| grep "Public-Key"` – Vadzim Sep 15 '15 at 07:23

score 16 · Answer 2 · answered Oct 27 '11 at 19:50

16

The first (2048) is the bit length of the key:

 $ ssh-keygen -lf /etc/ssh/rsa_key.pub 
 2048 91:1c:ae:17:16:...

answered Oct 27 '11 at 19:50

Adrien P.

8

He said 'openssl', not 'openssh'. – MikeyB Oct 27 '11 at 20:46
This would actually work on a private key generated by `openssl genrsa`. You would probably have to point it directly to the private key file though. – mwfearnley Mar 19 '21 at 14:40

2 Answers2