Generate a 2048 bit keyfile named private.key:

openssl genrsa -out private.key 2048

Take that keyfile and pull out the public key into public.key:

openssl rsa -in private.key -out public.key -pubout

Sign some text with your private key:

openssl dgst -sign private.key -out signature.asc<source.txt You can then send source.txt, signature.asc, and public.key and the recipient can verify your signature by doing: openssl dgst -verify public.key -signature signature.asc<source.txt The program will exit with 0 (success) if the signature matches and 1 (failure) if it is incorrect. Print out stuff in a CSR: openssl req -noout -text -in certificate.csr Every need to grab a certificate from somewhere? To grab the certificate for https://www.example.com, do: openssl s_client -connect www.example.com:443 (then hit ^C out of the interactive shell)