How to generate a custom signing key (.pem) using OpenSSL

[Tutorial] How to generate a custom signing key (.pem) using OpenSSL

hovatek
Administrator

49,585

12-03-2020, 07:20 PM

#1

This guide will explain how to generate a custom key which can be used to sign your Android images like boot, recovery, system etc. This guide will come in handy in a case where the bootloader only accepts signed images (whether self-signed or factory-signed).

Requirements

A PC (I'm using Windows for this guide)
Download and install OpenSSL Light for Windows @ https://slproweb.com/products/Win32OpenSSL.html

Steps to create a custom signing key using OpenSSL

Follow the steps below to generate a custom private key

See the video tutorial below or @ https://youtu.be/uICvoalIUf8

Tap the Start menu and search for cmd.exe
Right-click CMD from the results and run as Administrator
Click Yes when prompted
Open the directory where OpenSSL was installed to and open the bin folder (mine is C:\Program Files\OpenSSL-Win64\bin . Ensure to enter yours in the command below)
Right-click the address bar and select Copy address
Go back to command prompt, type this command (use your own location) and tap Enter

Code:

cd C:\Program Files\OpenSSL-Win64\bin
You should now be in the C:\Program Files\OpenSSL-Win64\bin at command prompt
Type this command (I've chosen to name my key hovatek) and tap Enter

Code:

openssl genrsa -f4 -out hovatek.pem 4096
Wait till its done (i.e back to C:\Program Files\OpenSSL-Win64\bin>_)
You should now find a hovatek.pem file

Important Notice

Your OpenSSL installation directory might vary from mine so ensure to enter yours
The generated .pem file is a custom one and very likely to be different from what your device's OEM uses to sign its images

This post was last modified: 12-03-2020, 08:42 PM by hovatek.

Note!
We have a reply schedule for Free Support. Please upgrade to Private Support if you can't wait.

nheaven
Junior Member

30

07-09-2021, 04:44 AM

#2

Why I can't get a .pem file after running OpenSSL in the bin folder?

X3non
Recognized Contributor

22,062

07-09-2021, 11:45 AM

#3

(07-09-2021, 04:44 AM)nheaven Why I can't get a .pem file after running OpenSSL in the bin folder?

depends on the folder path where you ran the openssl command and what command you sent
you should upload a screenshot showing your cmd prompt window

nheaven
Junior Member

30

07-09-2021, 08:27 PM

#4

(07-09-2021, 11:45 AM)X3non
(07-09-2021, 04:44 AM)nheaven Why I can't get a .pem file after running OpenSSL in the bin folder?

depends on the folder path where you ran the openssl command and what command you sent
you should upload a screenshot showing your cmd prompt window

I can get the output in Linux, but not in windows 7

Kelexine
Senior Member

152

12-01-2023, 10:50 AM

#5

(07-09-2021, 11:45 AM)X3non
(07-09-2021, 04:44 AM)nheaven Why I can't get a .pem file after running OpenSSL in the bin folder?

depends on the folder path where you ran the openssl command and what command you sent
you should upload a screenshot showing your cmd prompt window

you can just add it to path in environmentalal variables

View a Printable Version

Users browsing this thread:
1 Guest(s)

Requirements

Steps to create a custom signing key using OpenSSL

Find us

Call us

Mail us

Useful Links

Actions