randomly generates a PrivateKey and corresponding PublicKey object for use with public-key cryptographic functions.


randomly generates private and public keys of the specified type.


randomly generates keys using the specified options.

Details and Options

  • GenerateAsymmetricKeyPair returns an association of the form <|"PrivateKey","PublicKey" |>.
  • GenerateAsymmetricKeyPair[] by default uses the "RSA" type, with a system-specific, high-entropy randomness source.
  • In GenerateAsymmetricKeyPair["type"], the following types can be specified:
  • "RSA"RSA with default parameters
    "EllipticCurve"elliptic curve secp256k1
    "Bitcoin","Ethereum"keys suitable for blockchains
  • GenerateAsymmetricKeyPair has the following option:
  • MethodAutomaticdetails of key generation method
  • With the setting Method->assoc, the association assoc gives details of the key generation method to use.
  • The following element must always be included in the association:
  • "Type""RSA"type of keys to produce
  • Possible settings for "Type" are "RSA" and "EllipticCurve".
  • For "RSA", the following elements can be given in the association:
  • "KeySize"2048target size of key in bits
    "PublicExponent"65537public exponent
    "Padding""PKCS1"padding mode
  • Possible settings for "Padding" include "OAEP", "PKCS1", "SSLV23", and None.
  • For "RSA", the maximum length of data that can be encrypted is determined by the number of bytes in the modulus, and the padding mode according to:
  • "PKCS1"<b-11
  • Encrypting with the private key and decrypting with the public key only works with the padding modes "PKCS1" and None.
  • For "EllipticCurve", the following elements can be given in the association:
  • "CurveName""secp256k1"elliptic curve to use
    "Compressed"Falsewhether the public key is in compressed form
  • "Bitcoin" uses "CurveName""secp256k1" and "Compressed"True.
  • "Ethereum" uses "CurveName""secp256k1 and "Compressed"False.


open allclose all

Basic Examples  (2)

Generate corresponding public and private keys:

Encrypt using the public key:

Decrypt with the private key:

Alternatively, encrypt with the private key:

Decrypt with the public key:

Generate an elliptic curve key pair using the default curve secp256k1:

Scope  (5)

Default Method  (1)

Generate a key pair without arguments, using RSA as the default method:

Named Methods  (3)

Generate an RSA key pair:

Generate an elliptic curve key pair using the default curve secp256k1:

Generate key pairs compatible with cryptocurrency networks:

Particular Settings  (1)

Provide an association with particular settings in the Method option:

Options  (6)

Method  (6)

Generate a key pair with a 4096-bit key:

Generate a key pair with a public exponent of 17:

Generate a key pair and specify that OAEP padding should be used:

Generate a Bitcoin key pair with a compressed public key:

Generate an Ethereum key pair with an uncompressed public key:

Generate an elliptic-curve based key pair using a named method:

Applications  (2)

Generate a personal pair of elliptic-curve based keys to sign and verify a message using the Elliptic Curve Digital Signature Algorithm:

Generate a digital signature using your private key:

Verify a digital signature using your public key:

Write simple RSA-based signing and verification functions:

Generate a pair of public and private RSA keys:

Define an expression to sign:

Generate a signature:

Verify that the signature is authentic:

Verifying with another expression will fail:

Possible Issues  (4)

Incompatible Private Keys  (2)

By default, GenerateAsymmetricKeyPair creates keys for the RSA cipher, which are incompatible with the ECDSA:

Encryption with elliptic curvebased keys is not currently supported:

Incompatible Padding Modes  (1)

Encrypting with a private key is not possible for certain padding modes:

Timing  (1)

Generating larger keys takes longer:

Introduced in 2015
Updated in 2019