How to generate .pem Private and Public Key Files on Mac and Windows? [2024 latest]

Published on August 25, 2023

By Prathmesh Chopade

Share on

In encryption and secure communication, .pem key files play a crucial role in ensuring data confidentiality and authenticity. Whether you're a Mac or Windows user, understanding how to generate .pem private and public key files is a valuable skill. In this guide, we'll walk you through the step-by-step process on both platforms.


Before we dive into the technical details, let's establish a clear understanding of what .pem key files are and why they matter. A .pem file, which stands for Privacy Enhanced Mail, is a widely-used file format that stores cryptographic keys. These keys are utilized in various scenarios such as SSH authentication, SSL/TLS certificates, and more.

Section 1: Understanding Key Concepts

Public-key cryptography forms the basis for .pem keys. In this asymmetric encryption scheme, a pair of keys is generated: one private and one public. The private key is kept secure and never shared, while the public key can be distributed freely. Data encrypted with the public key can only be decrypted with the corresponding private key, establishing a secure communication channel.

Section 2: Generating .pem Key Pair on Mac

Subsection 2.1: Using OpenSSL

  • Install OpenSSL:
    Start by opening the Terminal on your Mac. If you don't have OpenSSL installed, you can use Homebrew to install it:

    brew install openssl

  • Generate Keys:
    Execute the subsequent command to create a private key:

    openssl genpkey -algorithm RSA -out private_key.pem

  • Extract Public Key:
    Retrieve the public key from the private key:

    openssl rsa -pubout -in private_key.pem -out public_key.pem

Subsection 2.2: Using Keychain Access (Optional)

  • Open Keychain Access:
    Search for "Keychain Access" in Spotlight and launch the application.

  • Generate a Key Pair:
    In Keychain Access, go to "Keychain Access" > "Certificate Assistant" > "Create a Certificate." Follow the wizard to create a certificate with a private key. Export the certificate in .p12 format.

  • Convert to .pem:
    Open Terminal and navigate to the directory containing the .p12 file:

    openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes

Section 3: Generating .pem Key Pair on Windows

Subsection 3.1: Using OpenSSL for Windows

  • Download OpenSSL:
    Download the OpenSSL for Windows installer from the official website and install it.

  • Generate Keys:
    Open the Command Prompt and navigate to the OpenSSL installation directory:

    cd C:\OpenSSL-Win64\bin

  • Generate Private Key:
    Use the following command to generate a private key:

    openssl genpkey -algorithm RSA -out private_key.pem

  • Generate Public Key:
    Extract the public key from the private key:

    openssl rsa -pubout -in private_key.pem -out public_key.pem

Subsection 3.2: Using PuTTYgen (Optional)

  • Download PuTTYgen:
    Download and install PuTTYgen, a graphical key generator for Windows.

  • Generate Key Pair:
    Open PuTTYgen and select the RSA key type. Click "Generate" to create a key pair. Save both the private and public keys.

Section 4: Best Practices and Security Considerations

  • Protect Private Keys:
    Safeguard your private keys and avoid from sharing them.

  • Use Strong Passphrases:
    Set a strong passphrase when generating private keys to add an extra layer of security.

  • Backup Your Keys:
    Regularly backup your keys in a safe location to prevent data loss.

Section 5: Using Generated Keys

Once you've generated your .pem key pair, you can use them for various purposes...

Section 6: Troubleshooting and FAQs

Q1: I can't find OpenSSL on my Mac/Windows after installation.
A: Ensure the OpenSSL binary directory is in your system's PATH environment variable.

Q2: How can I secure my private key?
A: Store your private key in a password-protected folder or use an encrypted USB drive.

Section 7: Conclusion

Congratulations! You've learned how to generate .pem private and public key files on both Mac and Windows. These keys are invaluable tools for securing your digital communication and identity. Remember to follow best practices to keep your keys safe. Feel free to reach out with questions or feedback – secure communication begins with knowledge!

By following this comprehensive guide, you've equipped yourself with the skills to generate .pem private and public key files on both Mac and Windows systems. Remember to practice caution and adhere to security best practices to ensure the safety of your keys and communications.

Happy learning!