On 07/26/2017 10:13 AM, Michele Mase' wrote:
During the generation of x509
certificates, both commands give the
same results:
Command "a": openssl req -nodes -newkey
rsa:2048 -keyout example.key -out
example.csr -subj
"/C=GB/ST=London/L=London/O=Global
Security/OU=IT Department/CN= example.com"
Command "b": openssl genrsa -out example.key
Both commands give me a private key without
password, a key that is not encrypted.
To remove the passphrase from private key, I use
the
Command "c":openssl rsa -in example.key -out
example2.key
The command "c" against the example.key generated by
command "a", gives the same private key with
different content between --BEGIN RSA and --END RSA.
Simply, try the following:
diff example.key example2.key, the files are
different.
The command "c" against example.key generate by the
command "b" produces the same file. No differences.
Why?
Perhaps I missed something in openssl manual ... :(
These differenced gave me troubles using custom certificates
in some software.
Any suggestion?
The output from openssl req includes an additional layer of encoding
and the rsaEncryption OID around the actual key parameters, as can
be seen using openssl asn1parse. The conversion with 'openssl rsa'
removes that extra encoding.
-Ben
|
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
